
Raccine 0.10.2



Raccine is meant as a simple portable ransomware vaccine intended to protect against attacks that target shadow copies for deletion via vssadmin.exe.


Ransomware will often delete all shadow copies using vssadmin; Raccine intercepts that request and kills the invoking process. Raccine is a binary that first collects all PIDs of the parent processes and then attempts to kill all parent processes.

Raccine has several advantages: the method is generic; no system file (vssadmin.exe or wmic.exe) is replaced, which could lead to integrity problems and could break the "raccination" on each patch day; the changes are easy to undo; and, finally, no running executable or additional service is required (agent-less).

You have two different installation options:
Automatic

  • Download Raccine.zip from the Release section
  • Extract it
  • Run raccine-installer.bat

Manual

  • Apply Registry Patch raccine-reg-patch-vssadmin.reg to intercept invocations of vssadmin.exe
  • Place Raccine.exe from the release section in the PATH, e.g. into C:\Windows

(For i386 architecture systems, use Raccine_x86.exe and rename it to Raccine.exe)


If you have solid security monitoring that logs all process executions, you could check your logs to see if vssadmin.exe delete shadows or vssadmin.exe resize shadowstorage ... is frequently or sporadically used for legitimate purposes, in which case you should refrain from using Raccine.

 

OS: Windows 10|8|7

 

Homepage: https://github.com/Neo23x0/Raccine

 

Changelog: https://github.com/Neo23x0/Raccine/releases

v0.10.2 :: 18th Oct, 2020

 

Download: https://github.com/Neo23x0/Raccine/releases/download/0.10.2/Raccine.zip

Edited by rushdie
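
The log check suggested in the post, as an added example that is not part of the original post or the Raccine project: it counts `vssadmin delete shadows` and `vssadmin resize shadowstorage` invocations per parent process and user, so recurring legitimate callers show up before Raccine is installed. It assumes process-creation events exported one JSON object per line with the Sysmon Event ID 1 field names; the sample records and the names `PATTERN`, `SAMPLE_LOG` and `summarize` are constructed for illustration.

```python
import json
import re
from collections import Counter

# Matches the two invocations named in the post, tolerating a full path,
# quotes, an optional .exe suffix, mixed case and repeated whitespace.
PATTERN = re.compile(
    r'(?:^|[\\/"\s])vssadmin(?:\.exe)?"?\s+'
    r'(delete\s+shadows|resize\s+shadowstorage)\b',
    re.IGNORECASE,
)

# Constructed sample (assumed export format): one JSON object per line with
# the Sysmon Event ID 1 fields UtcTime, User, CommandLine and ParentImage.
SAMPLE_LOG = r'''
{"UtcTime": "2020-10-01 02:00:04", "User": "CORP\\svc_backup", "CommandLine": "vssadmin.exe Delete Shadows /For=C: /Oldest", "ParentImage": "C:\\Program Files\\BackupTool\\agent.exe"}
{"UtcTime": "2020-10-02 02:00:03", "User": "CORP\\svc_backup", "CommandLine": "vssadmin.exe Delete Shadows /For=C: /Oldest", "ParentImage": "C:\\Program Files\\BackupTool\\agent.exe"}
{"UtcTime": "2020-10-02 09:14:51", "User": "CORP\\admin", "CommandLine": "vssadmin list shadows", "ParentImage": "C:\\Windows\\System32\\cmd.exe"}
{"UtcTime": "2020-10-03 11:32:10", "User": "CORP\\alice", "CommandLine": "vssadmin  delete   shadows /all /quiet", "ParentImage": "C:\\Windows\\System32\\cmd.exe"}
{"UtcTime": "2020-10-03 11:32:11", "User": "CORP\\alice", "CommandLine": "\"C:\\Windows\\System32\\vssadmin.exe\" resize shadowstorage /for=C: /on=C: /maxsize=401MB", "ParentImage": "C:\\Windows\\System32\\cmd.exe"}
{"UtcTime": "2020-10-03 11:
'''

def summarize(lines):
    """Count matching invocations per (action, parent image, user)."""
    hits = Counter()
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line
        if not isinstance(event, dict):
            continue
        match = PATTERN.search(event.get("CommandLine") or "")
        if match:
            action = " ".join(match.group(1).lower().split())
            key = (action, event.get("ParentImage", "?"), event.get("User", "?"))
            hits[key] += 1
    return hits

if __name__ == "__main__":
    for (action, parent, user), n in summarize(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:3d}  vssadmin {action:<22} parent={parent}  user={user}")
```

A caller that appears on a regular schedule, like the constructed backup agent here, is the kind of legitimate use the post says should make you refrain from installing Raccine.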