Case subject – A Graftor screen locker variant (Virustotal details)
Following up on the Beta 2 release of TEMASOFT Ranstop, featuring screen locker protection, our Research Lab Team staged a demo to assess the effectiveness of the new security feature.
For this exercise, we got hold of a Graftor screen locker variant to tested out the ability of Ranstop to detect and block screen lockers.
What are screen lockers
Screen lockers are malicious ransomware programs that prevent users from accessing their machine, by disabling the desktop, or the user interface of the operating system. After they infect a computer, a ransom note is displayed asking the users to pay to regain access to their computers. Most screen lockers do not encrypt files as typical ransomware does. So in the case of such an infection, the files can be recovered from the hard drive (if access to the desktop cannot be restored), using another machine. However, there are variants that along with locking the screen, encrypt files as well, making it harder or impossible to recover.
The Graftor screen locker ransomware variant is a simple executable that can be accidentally downloaded from malicious websites, or installed by adware or other malicious software. Upon execution, it disables Task Manager and suspends Windows Explorer while showing a ransom note. This situation makes it impossible for the user to access the computer and restore the user interface of the operating system.
TEMASOFT Ranstop detects and stops this variant in around 6 seconds, time in which the ransomware managed to deliver its functionality and display the ransom note. However, TEMASOFT Ranstop killed and quarantined the ransomware process, and then restored access to Task Manager. An incident is logged in the Ranstop Console. The user can use Task Manager to restore Windows Explorer, and everything is back to normal in under one minute.
TEMASOFT Ranstop managed to successfully block this screen locker variant and restore access to the machine in under one minute.
About TEMASOFT Ranstop
TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.
For more information, follow us on social media and subscribe to our newsletter.