Case subject – A Satana variant (VirusTotal details)
In this scenario, the ransomware attack comes over the network via mapped drives. There are two computers involved: one running the Satana variant, without any protection installed and having a mapped drive to the second computer; the second computer does not run any ransomware code and has TEMASOFT Ranstop installed, with protection enabled.
The aim of this test is to prove that TEMASOFT Ranstop can cope with ransomware attacks that happen over the network and recover affected files.
Here is what makes this scenario difficult or impossible for other similar solutions to handle:
- There is no malicious code running on the machine having the anti-ransomware solution installed (on the protected computer);
- The remote encryption is carried out locally by system processes through file operations similar to the ones that are used by employees;
- The infected computer has no protection, meaning that the ransomware attack over the network is persistent and takes place for as long as the ransomware finds files to encrypt and a network connection is available.
TEMASOFT Ranstop detects the over-the-network attack carried out from the infected machine in a matter of seconds. It alerts the user and logs an incident in the central console. Even though it cannot stop the system process that does the actual encryption, it still recovers the affected files automatically.
During this test, recovered files were not attacked further by the ransomware, but this does not mean that other ransomware variants behave the same. While most variants focus on document and image files, there are ransomware variants that attack any file, irrespective of type or extension. For best results, it is recommended that TEMASOFT Ranstop is configured to disable the network in case of ransomware incidents. Disabling the network, in this instance, causes the over-the-network attack to stop.
TEMASOFT Ranstop can offer protection in the event of ransomware attacks coming over the network by recovering the affected files and ending the attack by disabling the network interface, in spite of the technical challenges that this use case raises.
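The server-side view described in this scenario, as an added example that is not TEMASOFT Ranstop's code or detection method: because the damaging writes arrive through a system process, the logic below attributes them to the remote client instead of to a local process. The event tuples (with file content before and after each write), client addresses, paths, thresholds and the signature-plus-entropy heuristic are all assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

MAGIC = (b"PK\x03\x04", b"%PDF", b"\xff\xd8\xff")  # docx/xlsx (zip), pdf, jpeg

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted output sits close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def looks_encrypted(before: bytes, after: bytes, high: float = 7.5) -> bool:
    """Overwrite destroyed a known file signature and left near-random bytes."""
    lost_magic = any(before.startswith(m) and not after.startswith(m) for m in MAGIC)
    return lost_magic and shannon_entropy(after) >= high

def detect_remote_encryption(events, window=10.0, threshold=3):
    """events: (ts, client, path, before, after) for writes arriving over the share.
    Returns {client: sorted paths to restore} for clients that damaged at least
    `threshold` distinct files within `window` seconds."""
    recent = defaultdict(deque)  # client -> (ts, path) of damaging writes
    flagged = defaultdict(set)
    for ts, client, path, before, after in sorted(events, key=lambda e: e[0]):
        if not looks_encrypted(before, after):
            continue  # ordinary save: signature intact or content not random
        q = recent[client]
        q.append((ts, path))
        while ts - q[0][0] > window:
            q.popleft()
        paths = {p for _, p in q}
        if client in flagged or len(paths) >= threshold:
            flagged[client] |= paths  # keep collecting once a client is flagged
    return {c: sorted(p) for c, p in flagged.items()}

def _random_like(seed: int, size: int = 4096) -> bytes:
    """Constructed stand-in for ciphertext: concatenated SHA-256 digests."""
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(size // 32))

# Constructed sample: the workstation at 10.0.0.21 saves one document normally,
# the infected one at 10.0.0.37 rewrites files on the mapped drive.
PDF = b"%PDF-1.7\n" + b"BT /F1 12 Tf (Quarterly report) Tj ET\n" * 100
JPG = b"\xff\xd8\xff\xe0" + _random_like(99)
SAMPLE_EVENTS = [
    (0.0, "10.0.0.21", r"S:\docs\plan.pdf", PDF, PDF + b"% edited\n"),
    (1.0, "10.0.0.37", r"S:\docs\a.pdf", PDF, _random_like(1)),
    (1.4, "10.0.0.37", r"S:\docs\b.jpg", JPG, _random_like(2)),
    (2.1, "10.0.0.37", r"S:\docs\c.pdf", PDF, _random_like(3)),
    (30.0, "10.0.0.37", r"S:\docs\d.pdf", PDF, _random_like(4)),
]

if __name__ == "__main__":
    print(detect_remote_encryption(SAMPLE_EVENTS))
```

The flagged client address is what a response such as cutting the network connection would act on, and the returned paths are the files to restore from protected copies.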
About TEMASOFT Ranstop
TEMASOFT Ranstop is anti-ransomware software that detects present and future ransomware with a high degree of accuracy, based on file access pattern analysis. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.