Ramblings of an old Doc
I'd recommend it but...
Published on December 20, 2016 By DrJBHL In Personal Computing

 

Well, it's free and is made to be a high level program for PCs running Windows 7, 8 and 10 (x32 and x64):

RansomFree needs to be installed on the target machine. The protection that it adds to the system is interesting, as it creates a number of files on the system that it monitors for changes.

These files use characters that place them at the top of the directory structure. The idea is that ransomware will parse for files using the same structure so that the created files will be targeted first by the attack.

The company behind the product believes that this is the best proactive way to detect ransomware on a PC at the earliest...Ransomfree places popular file formats, docx, doc, sql, xls and so on in the folder which are often targeted by ransomware attacks as they are - usually -- personal or work related." - gHacks

 

CyberReason state they've tested their software against forty known threats and it stops them cold. BleepingComputer (link below) confirmed this but with a more limited number of known threats. RansomFree isolates low level ASCI encrypted files and protects them and uses any changes being made to them as the alarm to have you cease their being accessed. They do this because: 

"Cybereason researched tens of thousands of ransomware variants belonging to over 40 ransomware strains, including Locky, Cryptowall, TeslaCrypt, Jigsaw and Cerber and identified the behavioral patterns that distinguish ransomware from legitimate applications. While each ransomware strain was written by different criminal teams, they all exhibit the same low-level file-related behavior. Ransomware attempts to encrypt as many files as possible, as quickly as possible.

Cybereason has developed a unique behavioral approach to stop ransomware in its tracks. Since we’ve identified the typical pattern of behavior, we know how and where ransomware will start encrypting files. We built this knowledge into RansomFree: a free, anti-ransomware software that detects and blocks ransomware.

By targeting the common behavior of ransomware, Cybereason RansomFree protects against 99 percent of ransomware strains. RansomFree detects ransomware, suspends the activity, displays a popup that warns users that their files are at risk and lets the user stop the attack with one click.

RansomFree protects against local encryption as well as the encryption of files on network or shared drives. The encryption of shared files is among the doomsday scenarios an organization can imagine. It takes only one employee on the network to execute ransomware and affect the entire company.

RansomFree catches stand-alone ransomware programs as well as fileless ransomware. Stand-alone ransomware uses vulnerabilities in applications, like buggy Flash code, but fileless ransomware abuses legitimate Windows tools, like the PowerShell scripting language or JavaScript, to carry out its malicious intentions." - CyberReason

The problems are 1) 99%, not 100% because their behavior isn't 100% consistent and 2) It will only be a matter of time before the ransomware programmers adopt a different approach from the one being protected against.

Still, it's better than nothing, but folks, configure your firewall correctly as a first step: https://technet.microsoft.com/en-us/library/cc700820.aspx 

As gHacks put it: 

"It is best to complement anti-ransomware tools with other means including backup creation and resident security solutions such as a properly configured firewall." - gHacks

CyberReason's homepage: https://ransomfree.cybereason.com/

 

Sources:

http://www.ghacks.net/2016/12/20/ransomfree-protect-pc-ransomware/?_m=3n%2e0038%2e1950%2ehj0ao01hy5%2e213l

https://ransomfree.cybereason.com/ (also the download page (in the top banner)

https://www.cybereason.com/blog-cybereason-ransomfree-protecting-your-data-from-being-held-hostage/

https://technet.microsoft.com/en-us/library/cc700820.aspx

https://msdn.microsoft.com/en-us/library/cc875811.aspx

 

 


Comments (Page 1)
on Dec 20, 2016

Looks like a worthwhile proggy...

on Dec 23, 2016

Thanks, Doc.... trying it out now.  I avoid things normally associated with ransomware delivery and etc, but still, it is much better to be safe than sorry.

on Dec 23, 2016

Welcome, Mark. Hope it prevents something truly bad.

on Dec 23, 2016

I've been using it since your post Doc,  It has already updated once, so that suggest to me that they are quite possibly staying ahead of the curve when it comes to bad actors trying to side-step it's protection.

-- Ace --

on Dec 23, 2016

AceMatrix

I've been using it since your post Doc,  It has already updated once, so that suggest to me that they are quite possibly staying ahead of the curve when it comes to bad actors trying to side-step it's protection.

-- Ace --

 

Ditto ...

on Dec 24, 2016

Thanks, Doc, for your post.  I'm trying it out too.  One of my wife's friends recently got hit by one of those, she had to ask her son to reformat and reinstall everything.

on Dec 24, 2016

Trying it now - thanks for the info

on Dec 24, 2016

Fuzzy Logic

Trying it now - thanks for the info

on Dec 24, 2016

DrJBHL

Welcome, Mark. Hope it prevents something truly bad.

Same here, and not just for me.

Sadly, it's not software that's capable of sending a bolt of lightning right back to the creators of these vile things.

on Jan 24, 2017

Hello! I'm new here and it may be wrong thread, but still I want to ask you if there is any way to recover files after this merry_i_love_you_bruce ransomware attack? I've already tried to use ShadowExplorer but no luck for me.

So I'd be very thankful for any help!

on Jan 24, 2017

StillmissYou

Hello! I'm new here and it may be wrong thread, but still I want to ask you if there is any way to recover files after Osiris ransomware attack? I've already tried to use ShadowExplorer but no luck for me.

So I'd be very thankful for any help!

 

ShadowExplorer is only useful to explore 'shadow copies' of files.  Of course that only worked to recover data until the ransomware dudes got smart enough to encrypt and/or delete those copies as well.  Sorry to say if you've been hit by one of the newer iterations, you're likely out of luck.

on Jan 25, 2017

StillmissYou

Hello! I'm new here and it may be wrong thread, but still I want to ask you if there is any way to recover files after Osiris ransomware attack? I've already tried to use ShadowExplorer but no luck for me.

So I'd be very thankful for any help!

 

My advice is join the forums at BleepingComputer.com - they have very knowledgeable people there who can help with ransomware.  They may know of a free decrypter that can be used to recover your data.  Determine that first before removing the infection.  If there is a free decrypter then clean the machine with MalwareBytes AntiMalware and recover your data.

https://www.bleepingcomputer.com/forums/

on Mar 19, 2017

An update to this program now places two hidden folders on every internal partition.  The folders contain files with misleading extensions, such as a jpg which isn't a jpg, txt which isn't a txt file, etc..  They also have strange names such as friendship-insect-invite-repeat.docx.  IIf you delete the folders they will reappear.  I just spent three hours chasing down what I thought was a virus!  A readme file explaining the contents odf each folder would have saved me a lot of time.

on Mar 20, 2017

gevansmd

An update to this program now places two hidden folders on every internal partition.  The folders contain files with misleading extensions, such as a jpg which isn't a jpg, txt which isn't a txt file, etc..  They also have strange names such as friendship-insect-invite-repeat.docx.  IIf you delete the folders they will reappear.  I just spent three hours chasing down what I thought was a virus!  A readme file explaining the contents odf each folder would have saved me a lot of time.

You should also have a few icons on the desktop with titles such as 'do not delete me....' explaining what they are...and I believe the website explains it....and there's a RTFM somewhere too...

Those folders and items inside are monitored by the proggy looking for signs of ransom attack....being at the beginning of a folder tree means they get hit first...and thus no genuine file of yours gets hit before the proggy has a chance to react...

on Mar 20, 2017

It appears to change the 'bait' folder and file names intermittently and randomly, also, so it could easily raise an eyebrow if one hadn't checked the documentation.  So far, it seems quite unobtrusive otherwise.

Meta
Views
» 41025
Comments
» 35
Sponsored Links