Entries by Peter Erdos

Ranstop anti-ransomware live test against BTCWare ransomware

Test subject – BTCWare ransomware, “shadow” extension The BTCWare family is a very active player in the ransomware world. Almost every month new variants are discovered, and although older versions are now possible to decrypt, the newly released variants use strong encryption algorithms to corrupt files and are impossible to recover. This particular variant is […]

Ranstop anti-ransomware live test against Arena variant of Crysis/Dharma

Test subject – Arena ransomware, a variant of Crysis / Dharma The .Arena ransomware marks a comeback for the Crysis/Dharma ransomware family. According to Michael Gillespie, the distribution method is not yet known, but most probably follows the pattern of the Crysis family, which used to be installed manually after successfully compromising the Remote Desktop Protocol. Once executed the ransomware appends […]

Ranstop anti-ransomware protects against Lukitus variant of Locky

Test subject – Loky Lukitus ransomware The Lukitus Loki variant is part of a new campaign following the “diablo” variant and is distributed via email campaigns containing malicious scripts either as office files or zip archives. One interesting feature of this variant, similar to the CryptoWall functionality, is that of scrambling files to make recovery even more difficult. […]

Ranstop protects against a GlobeImposter variant (.725)

Test subject – GlobeImposter ransomware This GlobeImposter ransomware is delivered as a java script via email campaigns and bypasses classic antivirus detection technologies. It has been maintaining a very low detection rate on Virustotal.com for several days. At the time of our live test, this variant was a top contributor to the latest ransomware incidents, according to the Bleeping […]

Ranstop protects against Oxar ransomware, a HiddenTear variant – TEMASOFT Lab Demo

Test subject – Oxar, a HiddenTear variant Oxar is a HiddenTear variant with a highly destructive potential. It features anti-debugging characteristics like protected memory zones, as well as environmental awareness to identify Sandobx environments. The ransomware encrypts user data into new files with the “.OXR” extension, and then removes the original. It demands a Bitcoin […]

A glimpse on how we test Ranstop (the human approach)

Temasoft Labs is a particular mixture between humans and machines, very similar to a microbiology laboratory. They both do the same thing, search and analyze disease-causing microorganisms because this is the first step in fighting this particular type of infectious agent: ransomware. Just like their biological counterparts, ransomware attacks IT infrastructure of any kind and […]