Jump to content

I infected my Windows computer with ransomware to test RansomFree's protection


tao

Recommended Posts

Jesus Vigo went hands-on with RansomFree to see if it could outmaneuver ransomware threats and keep data safe. Here's a look at what he discovered.

 

Ransomware made a huge splash in 2016. There's no denying the motivation here: Money—as in virtually untraceable, digital cryptocurrency—has made this segment of the security realm nearly unstoppable. And if it continues to grow as projected, its reach will extend to more and more users, bringing in tens of millions of dollars for threat actors wishing to cash in on the epidemic.

 

So what does this mean for your data if it's something that can't be stopped? Well, many of the best practices still apply. For instance, making sure you're up to date on system and application patches, rolling out modern antivirus with malware protection that is both updated and that actively runs in the background, and performing multiple scheduled backups are good computing habits. Of course, staying clear of questionable websites and not clicking on links or attachments sent to you via email, social media, or just about anywhere are excellent safety guidelines to practice too.

 

But even with all that, you're still susceptible to data compromise. So what's next? Well, next might be RansomFree. This proactive ransomware detection application watches your computer for files being accessed and monitors their interaction closely to determine whether encryption is taking place. Using behavioral detection techniques, if RansomFree determines the behavior being displayed to be ransomware, it immediately halts the process and flags it, creating an alert onscreen. At that point, the user must authorize the process before it will proceed, according to RansomFree's developer.

 

But should we just take their word for it? I didn't! I set out to test it first-hand to determine whether the application works as advertised. I purposely infected my Windows-based computer with a strain of ransomware to assess RansomFree's real-life capabilities... and the results documented are nothing less than impressive.

 

First, a warning. DO NOT INFECT YOUR COMPUTER WITH RANSOMWARE! For the purposes of this test, I created a virtual machine (VM) sandbox environment with a clean copy of Windows and Office. This VM was isolated from other computers on the network, as well. Furthermore, no patches or updates were made to the VM nor was it running any type of malware protection whatsoever.

Seeing how the ransomware operates

Since I have experience cleaning up the devastation left behind by malware—but not with infecting a machine on purpose—I decided to run this test twice after taking a snapshot of the VM as a point-in-time prior to the introduction of malicious code. The first time through, I would do so without RansomFree to see how the ransomware would operate on the system. Once it was confirmed to have worked, I would rerun the test with RansomFree installed to gauge how effective it was against this strain of ransomware, since now I'd have a good idea of what to look for ...

 

Please read the rest of article with images at:

 

Ref:  < http://www.techrepublic.com/article/i-infected-my-computer-with-ransomware-to-test-ransomfrees-protection-for-windows/ >

 

Link to comment
Share on other sites


  • Replies 3
  • Views 1.1k
  • Created
  • Last Reply

Free protection against ransomware: use your brain than to use " free " tools......:P

Link to comment
Share on other sites


2 hours ago, adi said:

For the purposes of this test, I created a virtual machine (VM) sandbox environment with a clean copy of Windows and Office.

 

To start with we regularly test ransomware and none of it will run in a VM.  When it detects it is running in a VM it not only will not run but will delete itself and leave no trace.  This is done by the malware authors exactly for the purpose of testing and seeing how their malware operates.  I don't know exactly which ransomware product he 'infected' himself with but he had to 'extract the malicious document'.  This is the reason he was able to infect his system, because if he had run the container it would have seen that it was on a VM and deleted itself and would never have extracted the document and run it.  So this test is false, it doesn't include anything else the container might have called and installed on the system, which is common with malware of all types.  RansomFree is useless.  Knowledge has posted videos of tests done with it previously and I wouldn't put it on any computer.

 

Seems like the article was just a cheap shot at getting free advertisement for RansomFree.

 

 

Link to comment
Share on other sites


28 minutes ago, straycat19 said:

To start with we regularly test ransomware and none of it will run in a VM.  When it detects it is running in a VM it not only will not run but will delete itself and leave no trace.  This is done by the malware authors exactly for the purpose of testing and seeing how their malware operates.  [...] So this test is false, [...]  RansomFree is useless.  Knowledge has posted videos of tests done with it previously and I wouldn't put it on any computer.

 

Seems like the article was just a cheap shot at getting free advertisement for RansomFree.

Thanks for the information on ransomware on a VM.  :)

 

The test may be false, perhaps (not my area of expertize  :mellow:).  Who can know what motivates another but the author's motivation seems to be to help, rather than to deceive, us (and I may be wrong, of course).

 

Knowledge is always so very helpful (thanks for the video, Knowledge, and Straycat19 for pointing it out).

 

Again, the article was informative, even if be it a "paid" advertisement for the product in question.

 

Thanks and Regards!  :)

 

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...