Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New type of Anti-Ransomware program.


  • Please log in to reply
2 replies to this topic

#1 34BLEEP00XX

34BLEEP00XX

  • Members
  • 272 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:09 AM

Posted 25 August 2017 - 12:51 PM

Have you heard about this program: Cybereason Ransom Free? It is a military strength Anti-Ransomware program.



BC AdBot (Login to Remove)

 


#2 34BLEEP00XX

34BLEEP00XX
  • Topic Starter

  • Members
  • 272 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:04:09 AM

Posted 25 August 2017 - 12:53 PM

Question: I had a e-mail which saíd: Incoming voice-mail from unknown address. Was THAT also some sort of ransomware trick?



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:09 PM

Posted 25 August 2017 - 05:48 PM

Cybereason Ransomfree is program similar to CryptoMonitor by Nathan Scott (which is no longer supported). Both were among the first to utilize trap files and folders...patterns of files and hidden virtual files that ransomware is attracted to. This feature is more commonly referred to as "Entrapment Protection".

I quote Nathan's explanation of Entrapment Protection from his now closed EasySync web site in this topic.

Entrapment Protection
Entrapment Protection lays numerous different types of traps all around your system that a Ransomware Infection cannot resist to touch. These traps send encrypted pattern signals back and forth between CryptoMonitor and themselves constantly. When a Ransomware Infection falls into one of these traps, the pattern is broken and CryptoMonitor immediately takes action. Once this happens, the machine is locked down and you are alerted about the infection and prompted for your decision on what actions to take. During this time, no file modifications are allowed, so your files are safe while you think about your course of action. With this protection enabled you may notice a few hidden files, registry keys, folders, and services running, but don't worry, they are there to protect you!


The use of trap files and folders is not a 100% solution...some data files typically will end up being encrypted by ransomware but whatever helps with prevention, I consider useful.

I keep a running list of ransomware prevention tools (Post #2) in this topic.


Crypto malware and other forms of ransomware spread via a variety of common vectors...opening a malicious or spam email attachment, executing a malcious file, web exploits, exploit kits, malvertising campaigns, non-malware (fileless) attacks:, drive-by downloads and RDP bruteforce attacks against servers especially by those involved with the development and spread of ransomware. Section :step2: in this topic explains in more detail the most common methods Crypto malware (file encrypting ransomware) and other forms of ransomware is typically delivered and spread.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users