Linux ransomware, an important concern

Although not a frequent target, and usually harder to exploit than other operating systems, Linux is not ransomware-free. Mass ransomware attacks often target more popular operating systems, used both by consumers with relatively fewer IT skills and by businesses. However, targeted ransomware attacks go for a particular organization, so cyber criminals are looking to get a […]

Ranstop anti-ransomware live test against Arena variant of Crysis/Dharma

Test subject – Arena ransomware, a variant of Crysis / Dharma. The .Arena ransomware marks a comeback for the Crysis/Dharma ransomware family. According to Michael Gillespie, the distribution method is not yet known, but most probably follows the pattern of the Crysis family, which used to be installed manually after successfully compromising the Remote Desktop Protocol. Once executed, the ransomware appends […]

Ranstop anti-ransomware protects against Lukitus variant of Locky

Test subject – Locky Lukitus ransomware. The Lukitus Locky variant is part of a new campaign following the “diablo” variant and is distributed via email campaigns containing malicious scripts either as Office files or zip archives. One interesting feature of this variant, similar to the CryptoWall functionality, is that of scrambling files to make recovery even more difficult. […]

Cerber ransomware evolves to steal passwords and Bitcoin wallets

Cerber made the headlines again, this time with its latest variant, which brings new functions to the table. Some experts say that the evolution of ransomware is towards developing worm-like capabilities, like NotPetya and WannaCry, but this new Cerber variant shows another development direction: that of adapting ransomware to perform data exfiltration as well. […]

What is anti-ransomware

Anti-ransomware is a technology created to protect user data, in response to the ransomware phenomenon, a major concern and one of the biggest threats to cyber security nowadays. However, it is a rather new type of threat, as major ransomware attacks started over three years ago, and it took some time until the community recognized […]

Ranstop protects against a GlobeImposter variant (.725)

Test subject – GlobeImposter ransomware. This GlobeImposter ransomware is delivered as a JavaScript file via email campaigns and bypasses classic antivirus detection technologies. It has been maintaining a very low detection rate on VirusTotal.com for several days. At the time of our live test, this variant was a top contributor to the latest ransomware incidents, according to the Bleeping […]

What is file monitoring?

File monitoring is an internal audit process of automatically observing and recording important aspects regarding how files are being accessed and how they change over time. Many controls defined by security standards require the implementation of such processes for compliance. In essence, file monitoring is performed for two important reasons: – To ensure the integrity […]

Ransomware detection – Targeted vs. random attacks

When it comes to ransomware detection, targeted ransomware attacks are very difficult to identify through classic anti-virus technology. Although such attacks are less frequent than their random, mass counterparts, they are far more devastating and expensive, mainly because they have a higher chance of succeeding in encrypting the files. Let’s look at some important differences […]

Ranstop protects against PowerShell ransomware – TEMASOFT Lab Demo

Test subject – PowerShell ransomware. This PowerShell ransomware variant is particularly dangerous because it bypasses conventional anti-malware tools and renders files unusable. It uses a legitimate process to run the file encryption, eluding application control, heuristics and sandbox detection techniques. At the time of the test, less than a quarter of the solutions (according to […]

Ranstop protects against Oxar ransomware, a HiddenTear variant – TEMASOFT Lab Demo

Test subject – Oxar, a HiddenTear variant. Oxar is a HiddenTear variant with a highly destructive potential. It features anti-debugging characteristics like protected memory zones, as well as environmental awareness to identify sandbox environments. The ransomware encrypts user data into new files with the “.OXR” extension, and then removes the originals. It demands a Bitcoin […]