Ramblings of an old Doc
I'd recommend it but...
Published on December 20, 2016 By DrJBHL In Personal Computing

 

Well, it's free and is made to be a high level program for PCs running Windows 7, 8 and 10 (x32 and x64):

RansomFree needs to be installed on the target machine. The protection that it adds to the system is interesting, as it creates a number of files on the system that it monitors for changes.

These files use characters that place them at the top of the directory structure. The idea is that ransomware will parse for files using the same structure so that the created files will be targeted first by the attack.

The company behind the product believes that this is the best proactive way to detect ransomware on a PC at the earliest...Ransomfree places popular file formats, docx, doc, sql, xls and so on in the folder which are often targeted by ransomware attacks as they are - usually -- personal or work related." - gHacks

 

CyberReason state they've tested their software against forty known threats and it stops them cold. BleepingComputer (link below) confirmed this but with a more limited number of known threats. RansomFree isolates low level ASCI encrypted files and protects them and uses any changes being made to them as the alarm to have you cease their being accessed. They do this because: 

"Cybereason researched tens of thousands of ransomware variants belonging to over 40 ransomware strains, including Locky, Cryptowall, TeslaCrypt, Jigsaw and Cerber and identified the behavioral patterns that distinguish ransomware from legitimate applications. While each ransomware strain was written by different criminal teams, they all exhibit the same low-level file-related behavior. Ransomware attempts to encrypt as many files as possible, as quickly as possible.

Cybereason has developed a unique behavioral approach to stop ransomware in its tracks. Since we’ve identified the typical pattern of behavior, we know how and where ransomware will start encrypting files. We built this knowledge into RansomFree: a free, anti-ransomware software that detects and blocks ransomware.

By targeting the common behavior of ransomware, Cybereason RansomFree protects against 99 percent of ransomware strains. RansomFree detects ransomware, suspends the activity, displays a popup that warns users that their files are at risk and lets the user stop the attack with one click.

RansomFree protects against local encryption as well as the encryption of files on network or shared drives. The encryption of shared files is among the doomsday scenarios an organization can imagine. It takes only one employee on the network to execute ransomware and affect the entire company.

RansomFree catches stand-alone ransomware programs as well as fileless ransomware. Stand-alone ransomware uses vulnerabilities in applications, like buggy Flash code, but fileless ransomware abuses legitimate Windows tools, like the PowerShell scripting language or JavaScript, to carry out its malicious intentions." - CyberReason

The problems are 1) 99%, not 100% because their behavior isn't 100% consistent and 2) It will only be a matter of time before the ransomware programmers adopt a different approach from the one being protected against.

Still, it's better than nothing, but folks, configure your firewall correctly as a first step: https://technet.microsoft.com/en-us/library/cc700820.aspx 

As gHacks put it: 

"It is best to complement anti-ransomware tools with other means including backup creation and resident security solutions such as a properly configured firewall." - gHacks

CyberReason's homepage: https://ransomfree.cybereason.com/

 

Sources:

http://www.ghacks.net/2016/12/20/ransomfree-protect-pc-ransomware/?_m=3n%2e0038%2e1950%2ehj0ao01hy5%2e213l

https://ransomfree.cybereason.com/ (also the download page (in the top banner)

https://www.cybereason.com/blog-cybereason-ransomfree-protecting-your-data-from-being-held-hostage/

https://technet.microsoft.com/en-us/library/cc700820.aspx

https://msdn.microsoft.com/en-us/library/cc875811.aspx

 

 


Comments (Page 2)
3 Pages1 2 3 
on Mar 20, 2017

gevansmd

 IIf you delete the folders they will reappear.

Found that out when I tried to delete them, thinking the same thing. Then I realized why they were there. 

on Mar 20, 2017



Quoting gevansmd,

An update to this program now places two hidden folders on every internal partition.  The folders contain files with misleading extensions, such as a jpg which isn't a jpg, txt which isn't a txt file, etc..  They also have strange names such as friendship-insect-invite-repeat.docx.  IIf you delete the folders they will reappear.  I just spent three hours chasing down what I thought was a virus!  A readme file explaining the contents odf each folder would have saved me a lot of time.



You should also have a few icons on the desktop with titles such as 'do not delete me....' explaining what they are...and I believe the website explains it....and there's a RTFM somewhere too...

Those folders and items inside are monitored by the proggy looking for signs of ransom attack....being at the beginning of a folder tree means they get hit first...and thus no genuine file of yours gets hit before the proggy has a chance to react...

 

I don't have the desktop icons.  And I eventually figured out they were bait files because they are the types of files that ransomware would attack.  Since I didn't know the folders were created by this software I had no reason to check their website for an explanation.  It was only when I started shutting down starup aps that I found the problem.

on Mar 20, 2017

gevansmd

I don't have the desktop icons.  And I eventually figured out they were bait files because they are the types of files that ransomware would attack.  Since I didn't know the folders were created by this software I had no reason to check their website for an explanation.  It was only when I started shutting down starup aps that I found the problem.

The trick is that whenever you add a new proggy...no matter from whose suggestion it comes [even Doc's] the trick is to investigate first....check it out online before checking it out as a download/install.

Knowledge is power....

[just ask MS....Google....et al]

on Mar 20, 2017

Folders were not hidden for me.

on Mar 20, 2017


Folders were not hidden for me.

 

They are visible on my boot drive but hidden on drives D and E.  Ther are not on my external drive.

on Mar 20, 2017

I see them on all drives.

 

Thought they we supposed to be hidden.

on Mar 20, 2017

None are hidden here.  From their website Q&A:

Cybereason RansomFree watches the way applications interact with files, and when it detects ransomware behavior, it stops it immediately before the files are encrypted. Cybereason RansomFree uses pure behavioral detection techniques and does not rely on malware signatures.

Cybereason RansomFree deploys bait files strategically placed where ransomware often begins its encryption. The solution watches the way applications interact with files, and when it detects ransomware behavior, it stops it immediately before the files are encrypted.

Cybereason RansomFree uses pure behavioral detection techniques and does not rely on malware signatures.

Can't find anything on their site indicating whether the folders/files should or should not be hidden.

on Mar 20, 2017

I'm thinking not. I opened file explorer and then on folder options, unchecked show hidden files and folders, applied it and closed. The files are still there. I then reset it. Si I guess they stay visible but they have the look of hidden files and folders. 

on Mar 21, 2017


I see them on all drives.

Same here.  Thing is, I think if you leave 'Show Hidden Files' unchecked they wouldn't be visible.  I have those files visible so that I can see 'Program Data' and other files at a glance when needed.  However, I may just uncheck it so I'm not hunting through irrelevant folders on my storage and other drives... like some drives have collected quite a few since I installed RansomFree.

And like several others, I wondered what they were and why they were there.  I didn't take long to figure it out, though.  In reading some program documentation I soon found out why I suddenly had mysterious folders all over the place.. they were/are the bait files placed there by RansomFree.

on Mar 21, 2017

Ya think the bait is juicy enough?

Just asking. 

on Mar 21, 2017


Ya think the bait is juicy enough?

Just asking. 

 

I don't know about 'juicy' enough, but I've not seen any ransomware since installing the program.  That says one of two thing.  Nobody's interested in holding me to ranson, or the proggy works as advertised.

Oh yeah, with the bait folders being visible on drives, I unchecked 'Show Hidden Files & Folders and they are no longer showing up.

on Mar 21, 2017

I did the same thing, unchecked Show Hidden Files & Folders, yet they are still there.

on Mar 22, 2017


I did the same thing, unchecked Show Hidden Files & Folders, yet they are still there.

Okay!  It worked for me no worries.  I guess you must be doing it wrong.

Have you tried swapping hands with your mouse to see if that works? 

Seriously, though, unchecking 'Show Hidden Files and Folders' should have done it.  Having said that, I still have two folders showing on C: drive, but I think they are supposed to be there as part of the program's functions.  However, all the others are now hidden.

on Mar 22, 2017

starkers

Have you tried swapping hands with your mouse to see if that works?

Kinda hard to do for a leftie.

As for the files...no big deal as long as the proggie works. Not that I have anything to hold for ransom. Unless they want a bunch of tuts.

on Mar 22, 2017


Kinda hard to do for a leftie.

Yeah, me too,  Thing is, when stuff don't work out right, I give up and use my toes.

 

3 Pages1 2 3