This variant arrives as a text file with a name that tricks the users into opening it either downloaded from malicious websites or installed by other malware. It injects malicious code in the Service Host process (svchost.exe) to avoid antivirus detection and application control. The actual encryption is done from the svchost.exe process and it avoids some of the Windows system folders. The ransomware searches for common anti-malware software and attempts to stop the associated services.
This variant starts encrypting files several seconds after compromising the Service Host process. TEMASOFT Ranstop detects the ransomware in a few seconds and alerts the user. Next, the clean-up and recovery processes begin.
TEMASOFT Ranstop successfully stopped this fileless variant and recovered the damaged files.
Click here to watch TEMASOFT Ranstop in action (video)!
About TEMASOFT Ranstop
TEMASOFT Ranstop is an anti-ransomware software that detects present and future ransomware, based on file access pattern analysis with a high degree of accuracy. At the same time, it protects user files so that they can be restored in case of malware attacks or accidental loss.
For more information, follow us on social media and subscribe to our newsletter.
This post was last modified on August 21, 2023 7:27 am
In the digital world, information is often stored and transferred through files. From the most…
Introduction Data security is more important than ever in today's fast-paced digital world. One critical…
Introduction: Cyber threats are a growing concern for businesses and individuals alike. With the increasing…
Microsoft Internet Information Services (IIS) is a popular web server that is widely used to…
File tracking is an important aspect of server administration, and it can help administrators detect…
File monitoring solutions are essential tools for administrators to manage and protect their organizations' data…