Ranstop anti-ransomware live test against BTCWare ransomware

Test subject – BTCWare ransomware, “shadow” extension The BTCWare family is a very active player in the ransomware world. Almost every month new variants are discovered, and although older versions are now possible to decrypt, the newly released variants use strong encryption algorithms to corrupt files and are impossible to recover. This particular variant is […]

Bad Rabbit ransomware outbreak targets Europe (live attack video)

Reports starting to come in on Tuesday, the 24th of October, according to which a new ransomware outbreak has targeted a series of corporate networks and institutions in Russia and Ukraine. The new ransomware is identified as Bad Rabbit ransomware and it also reportedly attacked targets in other countries like Bulgaria, Turkey, and Germany. The […]

Ranstop anti-ransomware live test against .asasin variant of Locky

Test subject – .Asasin variant of Locky ransomware .Asasin is the latest  variant of Locky ransomware, and it gets distributed via SPAM email campaigns. The messages resemble a notification to pay an invoice, having an archive as an attachment. Initial email campaigns had design flaws which prevented many infections, as the actual attachment was obfuscated because […]

Ranstop anti-ransomware live test against Arena variant of Crysis/Dharma

Test subject – Arena ransomware, a variant of Crysis / Dharma The .Arena ransomware marks a comeback for the Crysis/Dharma ransomware family. According to Michael Gillespie, the distribution method is not yet known, but most probably follows the pattern of the Crysis family, which used to be installed manually after successfully compromising the Remote Desktop Protocol. Once executed the ransomware appends […]

Ranstop anti-ransomware protects against Lukitus variant of Locky

Test subject – Loky Lukitus ransomware The Lukitus Loki variant is part of a new campaign following the “diablo” variant and is distributed via email campaigns containing malicious scripts either as office files or zip archives. One interesting feature of this variant, similar to the CryptoWall functionality, is that of scrambling files to make recovery even more difficult. […]

Ranstop protects against a GlobeImposter variant (.725)

Test subject – GlobeImposter ransomware This GlobeImposter ransomware is delivered as a java script via email campaigns and bypasses classic antivirus detection technologies. It has been maintaining a very low detection rate on Virustotal.com for several days. At the time of our live test, this variant was a top contributor to the latest ransomware incidents, according to the Bleeping […]

Ranstop protects against PowerShell ransomware – TEMASOFT Lab Demo

Test subject – PowerShell ransomware This PowerShell ransomware variant is particularly dangerous because it bypasses conventional anti-malware tools and renders files unusable. It uses a legitimate process to run the file encryption, eluding application control, heuristics and sandbox detection techniques. At the time of the test, less than a quarter of the solutions (according to […]

Ranstop protects against Oxar ransomware, a HiddenTear variant – TEMASOFT Lab Demo

Test subject – Oxar, a HiddenTear variant Oxar is a HiddenTear variant with a highly destructive potential. It features anti-debugging characteristics like protected memory zones, as well as environmental awareness to identify Sandobx environments. The ransomware encrypts user data into new files with the “.OXR” extension, and then removes the original. It demands a Bitcoin […]

New variant of Petya ransomware attacks computers worldwide

Less than two months ago, WannaCry made the headlines as the most destructive malware in the history. This time the world faces a new virus which uses the functionality of Petya ransomware: Petrwrap. It has already hit many companies and institutions from different countries including Merck, Rosneft, Maersk, Mondelez, causing severe operational disruptions. How Petrwrap […]

Ranstop protects against Sorebrect fileless ransomware – TEMASOFT Lab Demo

Sorebrect case subject – fileless ransomware This variant arrives as a text file with a name that tricks the users into opening it either downloaded from malicious websites or installed by other malware. It injects malicious code in the Service Host process (svchost.exe) to avoid antivirus detection and application control. The actual encryption is done from […]