During this test, the TEMASOFT Research Lab Team used an isolated network to run a live ransomware. The payload is a variant of CryptoLocker that arrives as an executable which displays a standard “folder” icon, to trick users into clicking on it. Once clicked the executable asks for privilege elevation and, if given (the privilege elevation seems to come from Windows Explorer as if a folder was being opened), it will create rogue explorer.exe and svchost.exe processes that will handle the encryption and communication functionality. Compromised files have the .encrypted extension.
TEMASOFT Ranstop detects and stops this variant in around 10 seconds, time in which the ransomware managed to encrypt between 60 and 70 files on the local hard drive. At this rate, a detection time of hours would have most probably compromised the entire system.
Next TEMASOFT Ranstop blocks the process that performs the encryption, alerts the user via the tray application and logs the incident in the main product console. While this happens, the 60-70 files are being restored automatically in the background, in the same folder, and with the same name and appear next to the encrypted version, having the .encrypted extension.
TEMASOFT Ranstop managed to successfully block this CryptoLocker variant and restore damaged files without any user intervention, in a matter of seconds.
Click here to watch TEMASOFT Ranstop in action (video)!
TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.
For more information, follow us on social media and subscribe to our newsletter.
t._e = []; t.ready = function(f) { t._e.push(f); };
return t; }(document, "script", "twitter-wjs"));
This post was last modified on August 21, 2023 7:27 am
In the digital world, information is often stored and transferred through files. From the most…
Introduction Data security is more important than ever in today's fast-paced digital world. One critical…
Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…
Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…
File tracking is an important aspect of server administration, and it can help administrators detect…
File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…