Ranstop anti-ransomware live test against Arena variant of Crysis/Dharma

Test subject – Arena ransomware, a variant of Crysis / Dharma The .Arena ransomware marks a comeback for the Crysis/Dharma ransomware family. According to Michael Gillespie, the distribution method is not yet known, but most probably follows the pattern of the Crysis family, which used to be installed manually after successfully compromising the Remote Desktop Protocol. Once executed the ransomware appends […]

Ranstop anti-ransomware protects against Lukitus variant of Locky

Test subject – Loky Lukitus ransomware The Lukitus Loki variant is part of a new campaign following the “diablo” variant and is distributed via email campaigns containing malicious scripts either as office files or zip archives. One interesting feature of this variant, similar to the CryptoWall functionality, is that of scrambling files to make recovery even more difficult. […]

Ranstop protects against a GlobeImposter variant (.725)

Test subject – GlobeImposter ransomware This GlobeImposter ransomware is delivered as a java script via email campaigns and bypasses classic antivirus detection technologies. It has been maintaining a very low detection rate on Virustotal.com for several days. At the time of our live test, this variant was a top contributor to the latest ransomware incidents, according to the Bleeping […]

Ranstop protects against PowerShell ransomware – TEMASOFT Lab Demo

Test subject – PowerShell ransomware This PowerShell ransomware variant is particularly dangerous because it bypasses conventional anti-malware tools and renders files unusable. It uses a legitimate process to run the file encryption, eluding application control, heuristics and sandbox detection techniques. At the time of the test, less than a quarter of the solutions (according to […]

Ranstop protects against Oxar ransomware, a HiddenTear variant – TEMASOFT Lab Demo

Test subject – Oxar, a HiddenTear variant Oxar is a HiddenTear variant with a highly destructive potential. It features anti-debugging characteristics like protected memory zones, as well as environmental awareness to identify Sandobx environments. The ransomware encrypts user data into new files with the “.OXR” extension, and then removes the original. It demands a Bitcoin […]

New variant of Petya ransomware attacks computers worldwide

Less than two months ago, WannaCry made the headlines as the most destructive malware in the history. This time the world faces a new virus which uses the functionality of Petya ransomware: Petrwrap. It has already hit many companies and institutions from different countries including Merck, Rosneft, Maersk, Mondelez, causing severe operational disruptions. How Petrwrap […]

Ranstop protects against Sorebrect fileless ransomware – TEMASOFT Lab Demo

Sorebrect case subject – fileless ransomware This variant arrives as a text file with a name that tricks the users into opening it either downloaded from malicious websites or installed by other malware. It injects malicious code in the Service Host process (svchost.exe) to avoid antivirus detection and application control. The actual encryption is done from […]

Ranstop offers protection against ransomware embedded in PDF files – TEMASOFT Lab Demo

Case subject – A new PDF based ransomware This new variant arrives as a PDF file that contains Javascript blocks and at least one embedded document. When the PDF is viewed, it opens the embedded Microsoft Word document. The embedded document contains a macro that downloads and executes the ransomware payload. The PDF file is […]

Ranstop stops zero-day Jaff variant – TEMASOFT Lab Demo

Case subject – A zero-day Jaff (WLU extension) Jaff ransomware has seen some updates lately and we selected the newest variant for today’s exercise. At the time of the recording, the detection rate on virustotal is 18/60. Jaff is distributed through email SPAM campaigns that trick users into opening malicious attachments. A common example is the claim […]

Ranstop stops zero-day, script-based Spora variant – TEMASOFT Lab Demo

Case subject – A zero-day Spora variant packed as a command line script Today’s test uses a zero-day variant of Spora, disguised as a command line script. The file is distributed via email campaigns and, on execution, starts Microsoft Word and launches a background process that performs the actual encryption. At the time of the […]