Blog

Ranstop blocks a Graftor screen locker ransomware variant – Temasoft Lab Demo

Case subject – A Graftor screen locker variant (Virustotal details)

Following up on the Beta 2 release of TEMASOFT Ranstop, featuring screen locker protection, our Research Lab Team staged a demo to assess the effectiveness of the new security feature.
For this exercise, we got hold of a Graftor screen locker variant to tested out the ability of Ranstop to detect and block screen lockers.

What are screen lockers

Screen lockers are malicious ransomware programs that prevent users from accessing their machine, by disabling the desktop, or the user interface of the operating system. After they infect a computer, a ransom note is displayed asking the users to pay to regain access to their computers. Most screen lockers do not encrypt files as typical ransomware does. So in the case of such an infection, the files can be recovered from the hard drive (if access to the desktop cannot be restored), using another machine. However, there are variants that along with locking the screen, encrypt files as well, making it harder or impossible to recover.

Case facts

The Graftor screen locker ransomware variant is a simple executable that can be accidentally downloaded from malicious websites, or installed by adware or other malicious software. Upon execution, it disables Task Manager and suspends Windows Explorer while showing a ransom note. This situation makes it impossible for the user to access the computer and restore the user interface of the operating system.
TEMASOFT Ranstop detects and stops this variant in around 6 seconds, time in which the ransomware managed to deliver its functionality and display the ransom note. However, TEMASOFT Ranstop killed and quarantined the ransomware process, and then restored access to Task Manager. An incident is logged in the Ranstop Console. The user can use Task Manager to restore Windows Explorer, and everything is back to normal in under one minute.
Case Conclusion
TEMASOFT Ranstop managed to successfully block this screen locker variant and restore access to the machine in under one minute.


Click here to watch TEMASOFT Ranstop in action (video)!

About TEMASOFT Ranstop

TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.

For more information, follow us on social media and subscribe to our newsletter.

This post was last modified on August 21, 2023 7:27 am

Calin Ghibu

Technical background: over 15 years experience in testing, developing, researching and managing network security solutions. Currently focusing on information security and IT management. Specialties: Network audit, information security, web security, endpoint security, perimeter security SIEM, legal compliance, competitive intelligence.

Share
Published by
Calin Ghibu
Tags: ranstop

Recent Posts

The Role of File Monitoring Solutions in Maintaining File Integrity

In the digital world, information is often stored and transferred through files. From the most…

May 12, 2023

Guide to Conducting an Efficient File Access Permissions Audit for Admins and Technology Managers

Introduction Data security is more important than ever in today's fast-paced digital world. One critical…

April 9, 2023

File Integrity Monitoring: What It Is and Why It Matters

Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…

March 5, 2023

Monitoring Essential Microsoft IIS Server Configuration Files for Enhanced Security

Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…

February 25, 2023

Tracking file changes helps admins solve server configuration problems

File tracking is an important aspect of server administration, and it can help administrators detect…

February 1, 2023

Three reasons why admins should use file monitoring solutions

File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…

January 6, 2023