Crypto Ransomware & Sandboxie


8 replies to this topic

#1 tsgtsc84

tsgtsc84

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:32 AM

Posted 08 July 2015 - 03:00 AM

Morning Everyone!

 

I have a quick question, I run every session of Google Chrome, and other web browsers within Sandboxie. If I were to be hit with a Crypto Ransomware i.e., CryptoWall 3.0, would Sandboxie protect the actual system?

 

Tony :)




#2 Angoid

Angoid

  • Security Colleague
  • 299 posts
  • OFFLINE
  • Gender:Male
  • Location:East Midlands UK
  • Local time:10:32 AM

Posted 08 July 2015 - 03:21 AM

It's a few months old now and pertains to CryptoWall 2.0, but worthwhile reading anyway:

 

https://americaneditor.wordpress.com/2015/01/10/articles-worth-reading-inside-cryptowall-2/

 

Although malware authors may lose a bit of money due to not hitting people running in any kind of virtualised environment, they protect themselves using anti-debugging techniques designed to make it hard to find out what it's up to.

 

Elsewhere I have read that certain API calls fail with a different error code depending on whether you're running in a virtualised environment or a physical one. So the malware makes a call to the API that it knows will fail, and sees which error code is returned. If indications are that it's on some kind of VM, then all bets are off: it'll pack up and go home because it doesn't want to be detected and analysed.


Helping a loved one through a mental health issue?  Remember ALGEE...

Assess the risk | Listen nonjudgementally | Give reassurance and info | Encourage professional help | Encourage self-help and support network

#3 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:10:32 AM

Posted 08 July 2015 - 03:48 AM

There's a line that tickled me the wrong way in that blog post...

And contrary to popular belief, your antivirus and malware programs do not protect against ransomware.

There are some (but not all) AVs that are very effective against crypto ransomware.

The best prevention against crypto ransomware is still safe surfing - software like Sandboxie helps, though :)

#4 Angoid

Angoid

  • Security Colleague
  • 299 posts
  • OFFLINE
  • Gender:Male
  • Location:East Midlands UK
  • Local time:10:32 AM

Posted 08 July 2015 - 05:15 AM

Yes, I noticed that line too.  You're correct: safe surfing is the best protection but you also need some electronic safeguards too.

For example, you might fall foul to malware because of a hacked advertisement on Facebook.

I use AdBlock Plus across all my browsers and only allow adverts on sites that I know will advertise responsibly.



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,608 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:32 AM

Posted 08 July 2015 - 07:59 PM

The best defensive strategy is a comprehensive approach...make sure you are running an updated anti-virus and anti-malware product, use supplemental security tools with anti-exploitation features capable of stopping (preventing) infection before it can cause any damage, update all vulnerable software and routinely back up your data. You should rely on behavior detection programs rather than standard anti-virus definition (signature) detection software only. This means using programs that can detect when malware is in the act of modifying/encrypting files rather than just detecting the malicious file itself, which in most cases is not immediately detected by anti-virus software.

For example, Emsisoft Anti-Malware uses advanced behavioral analysis which is extremely difficult to penetrate...it continually monitors the behavior of all active programs looking for any anomalies that may be indicative of malicious activity and raises an alert as soon as something suspicious occurs. EAM also has the ability to detect unknown zero-day attacks without signatures.

Ransomware Prevention Tools:

Backing up your data and disk imaging are among the most important maintenance tasks users should perform on a regular basis, yet it's one of the most neglected areas.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click the donate button.
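The behaviour-based detection quietman7 describes above (catching a program in the act of encrypting files, rather than recognising the malicious file itself) can be sketched in a few dozen lines. The Python below is an added illustration for this thread; it is not code from the thread, from Emsisoft, or from any product named here. It assumes a monitor that hands it file-write events (process id, path, a sample of the bytes written) and it flags any process that rewrites several distinct files with ciphertext-like, high-entropy content inside a short window. The event stream, process ids and paths are constructed sample data.

```python
"""Toy behaviour-based ransomware detector: flag a burst of high-entropy rewrites."""
import math
from collections import deque
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass
class WriteEvent:
    ts: float      # seconds since monitoring started
    pid: int       # process that performed the write
    path: str      # file that was (re)written
    data: bytes    # content written (a real monitor would pass a sample)


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


class EncryptionBurstDetector:
    """Alert when one process rewrites at least `min_files` distinct files with
    ciphertext-like content (entropy >= `entropy_threshold`) within `window_s` seconds.

    Counting distinct files per process is what separates an encryption sweep from a
    legitimate high-entropy write such as saving a single zip archive.
    """

    def __init__(self, window_s: float = 10.0, min_files: int = 5,
                 entropy_threshold: float = 7.0):
        self.window_s = window_s
        self.min_files = min_files
        self.entropy_threshold = entropy_threshold
        self._recent: dict = {}  # pid -> deque of (ts, path) for high-entropy writes

    def observe(self, ev: WriteEvent) -> bool:
        """Feed one write event; return True if it pushes the process over the threshold."""
        if shannon_entropy(ev.data) < self.entropy_threshold:
            return False  # documents, source code and so on never reach 7 bits/byte
        q = self._recent.setdefault(ev.pid, deque())
        q.append((ev.ts, ev.path))
        while q and ev.ts - q[0][0] > self.window_s:  # drop writes outside the window
            q.popleft()
        return len({p for _, p in q}) >= self.min_files


def first_alert(events: Iterable[WriteEvent],
                detector: Optional[EncryptionBurstDetector] = None) -> Optional[WriteEvent]:
    """Run the detector over an event stream; return the event that first raised an alert."""
    detector = detector or EncryptionBurstDetector()
    for ev in events:
        if detector.observe(ev):
            return ev
    return None


# --- constructed sample stream (not real telemetry) ---
PLAINTEXT = b"Quarterly report: revenue up, costs flat.\n" * 40   # roughly 4 bits/byte
CIPHERTEXT_LIKE = bytes(range(256)) * 8                          # exactly 8 bits/byte

SAMPLE_EVENTS = [
    WriteEvent(0.0, 1200, r"C:\Users\tony\Documents\report.docx", PLAINTEXT),
    WriteEvent(1.5, 1200, r"C:\Users\tony\Documents\notes.txt", PLAINTEXT),
    # one archive saved by a normal process: high entropy, but a single file
    WriteEvent(3.0, 1200, r"C:\Users\tony\Pictures\holiday.zip", CIPHERTEXT_LIKE),
] + [
    # hypothetical pid 4040 sweeping through the Documents folder
    WriteEvent(5.0 + i * 0.5, 4040, rf"C:\Users\tony\Documents\file{i}.docx", CIPHERTEXT_LIKE)
    for i in range(8)
]

if __name__ == "__main__":
    hit = first_alert(SAMPLE_EVENTS)
    if hit:
        print(f"ALERT: pid {hit.pid} rewrote 5+ files with ciphertext-like content; "
              f"latest {hit.path} at t={hit.ts:.1f}s")
    else:
        print("no alert")
```

Run as a script, the sample stream raises the alert on the fifth rewrite by pid 4040 (t=7.0s) while the single zip archive written by pid 1200 stays quiet. A real engine would add further signals the thread does not go into (extension changes, dropped ransom notes, shadow-copy deletion) and would suspend the offending process rather than only log it; the point here is that the signature of the dropper never enters into the decision.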

#6 tsgtsc84

tsgtsc84
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:10:32 AM

Posted 09 July 2015 - 02:21 AM

Thank you everyone for all of your input/help. I hope I have succeeded in covering all areas when it comes to overall security. Quietman7, is the Symantec NoScript tool up to date?

 

Hope you're all having an amazing summer!!!! Tony :)

 

P.S. this forum amazes me, I have learnt so much - which team of experts put this all together, you all deserve award(s)



#7 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  • Gender:Female
  • Location:The Netherlands
  • Local time:10:32 AM

Posted 09 July 2015 - 02:27 AM

You can also use the NoScript extension for Firefox or ScriptSafe extension for Chrome. Additionally there is uBlock Origin (for both browsers) that blocks both ads and scripts, but it needs a little tweaking to enable the script blocking.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,608 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:32 AM

Posted 09 July 2015 - 05:04 AM

Noscript.exe is a simple (but older) stand-alone utility by Symantec which disables the Windows Scripting Host (WSH), preventing all script based programs (including malicious files) from executing automatically on the system.

You're welcome on behalf of the Bleeping Computer community.

#9 VecchioScarpone

VecchioScarpone

  • Members
  • 219 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:07:32 PM

Posted 02 August 2015 - 07:32 PM

Post #1 

 

The same question has been nagging me for the past few days. 

By searching the Bleeping forums I could not find much information or discussion on Sandboxie. Browsing the internet sandboxed seems quite bullet proof, considering that it claims to stop anything entering your real system, or does it not?

 

Of course the advice given by the members in these posts is pure gold, and indeed I heed it myself, I'm not contesting that. I'm just a bit puzzled how little attention seems to be given to Sandboxie in general, and I wonder why.

 

VS

