Ranstop anti-ransomware live test against .asasin variant of Locky

Test subject – .Asasin variant of Locky ransomware
.Asasin is the latest variant of Locky ransomware, and it is distributed via spam email campaigns. The messages resemble a notification to pay an invoice and carry an archive as an attachment. Initial email campaigns had design flaws which prevented many infections, as the actual attachment was obfuscated because […]

Ranstop anti-ransomware live test against Arena variant of Crysis/Dharma

Test subject – Arena ransomware, a variant of Crysis / Dharma
The .Arena ransomware marks a comeback for the Crysis/Dharma ransomware family. According to Michael Gillespie, the distribution method is not yet known, but most probably follows the pattern of the Crysis family, which used to be installed manually after successfully compromising the Remote Desktop Protocol. Once executed, the ransomware appends […]

Ranstop anti-ransomware protects against Lukitus variant of Locky

Test subject – Locky Lukitus ransomware
The Lukitus Locky variant is part of a new campaign following the “diablo” variant and is distributed via email campaigns containing malicious scripts either as Office files or zip archives. One interesting feature of this variant, similar to the CryptoWall functionality, is that of scrambling files to make recovery even more difficult. […]

Ranstop protects against a GlobeImposter variant (.725)

Test subject – GlobeImposter ransomware
This GlobeImposter ransomware is delivered as JavaScript via email campaigns and bypasses classic antivirus detection technologies. It has been maintaining a very low detection rate on VirusTotal.com for several days. At the time of our live test, this variant was a top contributor to the latest ransomware incidents, according to the Bleeping […]

Ranstop protects against PowerShell ransomware – TEMASOFT Lab Demo

Test subject – PowerShell ransomware
This PowerShell ransomware variant is particularly dangerous because it bypasses conventional anti-malware tools and renders files unusable. It uses a legitimate process to run the file encryption, eluding application control, heuristics and sandbox detection techniques. At the time of the test, fewer than a quarter of the solutions (according to […]

Ranstop protects against Oxar ransomware, a HiddenTear variant – TEMASOFT Lab Demo

Test subject – Oxar, a HiddenTear variant
Oxar is a HiddenTear variant with a highly destructive potential. It features anti-debugging characteristics like protected memory zones, as well as environmental awareness to identify sandbox environments. The ransomware encrypts user data into new files with the “.OXR” extension, and then removes the original. It demands a Bitcoin […]

New variant of Petya ransomware attacks computers worldwide

Less than two months ago, WannaCry made the headlines as the most destructive malware in history. This time the world faces a new virus which uses the functionality of Petya ransomware: Petrwrap. It has already hit many companies and institutions from different countries, including Merck, Rosneft, Maersk and Mondelez, causing severe operational disruptions. How Petrwrap […]

Ranstop protects against Sorebrect fileless ransomware – TEMASOFT Lab Demo

Sorebrect case subject – fileless ransomware
This variant arrives as a text file with a name that tricks users into opening it, and is either downloaded from malicious websites or installed by other malware. It injects malicious code into the Service Host process (svchost.exe) to avoid antivirus detection and application control. The actual encryption is done from […]

Ranstop offers protection against ransomware embedded in PDF files – TEMASOFT Lab Demo

Case subject – A new PDF-based ransomware
This new variant arrives as a PDF file that contains JavaScript blocks and at least one embedded document. When the PDF is viewed, it opens the embedded Microsoft Word document. The embedded document contains a macro that downloads and executes the ransomware payload. The PDF file is […]

Ranstop stops zero-day Jaff variant – TEMASOFT Lab Demo

Case subject – A zero-day Jaff (WLU extension)
Jaff ransomware has seen some updates lately and we selected the newest variant for today’s exercise. At the time of the recording, the detection rate on VirusTotal is 18/60. Jaff is distributed through email spam campaigns that trick users into opening malicious attachments. A common example is the claim […]