Sorebrect case subject – fileless ransomware
This variant arrives as a text file with a name that tricks users into opening it. The file is either downloaded from malicious websites or installed by other malware. It injects malicious code into the Service Host process (svchost.exe) to avoid antivirus detection and application control. The actual encryption is done from the svchost.exe process, and it avoids some of the Windows system folders. The ransomware also searches for common anti-malware software and attempts to stop the associated services.
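The behaviour described above (bulk file modification coming from svchost.exe, outside the Windows system folders) can be checked for in file-activity telemetry. The following is an added example, not TEMASOFT Ranstop's algorithm and not code from the original page; the event schema, thresholds, excluded folders and sample events are assumptions constructed for illustration.

```python
from collections import deque
from ntpath import basename, normpath

# Assumed values for this example: folders to ignore and the burst threshold.
EXCLUDED = ("c:\\windows\\", "c:\\program files\\")
WINDOW_S = 5.0   # sliding window, seconds
MAX_FILES = 4    # distinct files one svchost.exe may modify per window

def detect_svchost_bursts(events, window=WINDOW_S, max_files=MAX_FILES):
    """Return one alert (pid, ts, n_files) per svchost.exe instance that modifies
    more than max_files distinct non-system files within `window` seconds."""
    recent = {}                    # pid -> deque of (ts, path) inside the window
    alerted, alerts = set(), []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if basename(ev["image"]).lower() != "svchost.exe":
            continue               # only the process the page says does the encryption
        if ev["op"] not in ("write", "rename", "delete"):
            continue               # reads and opens are not destructive
        path = normpath(ev["path"]).lower()
        if path.startswith(EXCLUDED):
            continue               # normal service activity in system folders
        q = recent.setdefault(ev["pid"], deque())
        q.append((ev["ts"], path))
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()            # drop events that fell out of the window
        distinct = {p for _, p in q}
        if len(distinct) > max_files and ev["pid"] not in alerted:
            alerted.add(ev["pid"])
            alerts.append((ev["pid"], ev["ts"], len(distinct)))
    return alerts

def _ev(ts, pid, image, op, path):
    return {"ts": ts, "pid": pid, "image": image, "op": op, "path": path}

SVC = r"C:\Windows\System32\svchost.exe"
# Constructed sample events: two benign svchost.exe patterns and one burst (pid 1234).
SAMPLE = (
    [_ev(0.5, 900, SVC, "write", r"C:\Windows\Temp\etl%d.tmp" % i) for i in range(8)]
    + [_ev(10.0 + 0.4 * i, 1234, SVC, "write", r"C:\Users\alice\Documents\report%d.docx" % i) for i in range(6)]
    + [_ev(20.0 * i, 900, SVC, "write", r"C:\ProgramData\app\state%d.dat" % i) for i in range(3)]
)

if __name__ == "__main__":
    print(detect_svchost_bursts(SAMPLE))
```

The threshold and window need tuning against a baseline of normal svchost.exe activity on the monitored hosts before alerts from a check like this are actionable.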
Sorebrect case facts
This variant starts encrypting files several seconds after compromising the Service Host process. TEMASOFT Ranstop detects the ransomware in a few seconds and alerts the user. Next, the clean-up and recovery processes begin.
Sorebrect case conclusion
TEMASOFT Ranstop successfully stopped this fileless variant and recovered the damaged files.
About TEMASOFT Ranstop
TEMASOFT Ranstop is anti-ransomware software that detects present and future ransomware with a high degree of accuracy, based on file access pattern analysis. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.