A computer components & hardware forum. HardwareBanter


"How to beat ransomware: prevent, don't react"



 
 
  #1  
Old November 1st 16, 06:26 PM posted to comp.sys.ibm.pc.hardware.storage
Lynn McGuire[_3_]

"How to beat ransomware: prevent, don't react"
https://blog.malwarebytes.com/101/20...nt-dont-react/

Lynn
  #2  
Old November 1st 16, 08:29 PM posted to comp.sys.ibm.pc.hardware.storage
VanguardLH[_2_]

Lynn McGuire wrote:

"How to beat ransomware: prevent, don't react"
https://blog.malwarebytes.com/101/20...nt-dont-react/


While anti-virus and even MalwareBytes' own Anti-Exploit is supposed to
help prevent crypto ransomware attacks, seems the obvious solution is to
get prompted whenever a process or thread wants to issue calls to the
Windows Crypto API. As with firewalls, you could Allow or Block
(permanently or temporarily) a Crypto API call. If an unknown process
decided it wanted to encrypt something, you get prompted and can block
(disallow) the crypto call. I suspect that is the big crux of how
Malwarebytes' Anti-Ransomware beta software works. Hopefully it
includes a database (also hashed to detect any modification) of known OS
processes to whitelist those. You can see more info in their forum at:

https://forums.malwarebytes.org/foru...nsomware-beta/

While it may be free now, it looks like they are planning to roll it
into their Anti-Malware product - their payware version of that. So
freeloaders, like me, wanting free security solutions will get to use it
while it is beta which helps MalwareBytes test their software and then
it will get yanked away when rolled into their flagship product
(Anti-Malware, payware version). Since their Anti-Malware freeware
product has no on-access (real-time) scanner, any anti-ransomware
function would be worthless in having to wait until the user gets around
to an on-demand (manually run) scan. So you would need their payware
version of MBAM to get their on-access scanner that would then include
coverage and heuristics for crypto-based malware.

While this sounds great (until their betaware gets rolled into their
payware), this focuses on crypto ransomware. I've seen some rogueware
that merely renames every file it can find (that is not locked) and then
sets the Hidden file attribute on it. The malware could also change a
Windows policy that prevents access to a volume (other than for the OS).
Volumes can also be disabled thus preventing access. Users already know
how to do this using Disk Management (diskmgmt.msc) or the command-line
version of it (devcon.exe). Permissions can be changed. There are lots
of ways to block access to files other than just encrypting them.

You might want to read the comments to the article mentioned by the OP,
along with reading the forum comments. Yes, it is beta but I won't be
installing this on my sole home PC. This is something for a test
platform. Also, I don't see the point of wasting time on what is
freeware now to only later get yanked away by rolling it inside of their
payware.
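
The Allow/Block/prompt decision against a tamper-checked allowlist of known process images, as described in the post above, sketched as an added example; it is not part of the original post and not Malwarebytes' implementation. The key, image bytes and function names are constructed assumptions, and an HMAC is used in place of a plain hash because a bare hash stored next to the database can be recomputed by whoever modifies it.

```python
import hashlib
import hmac
import json

# Constructed sample data: the key and the "image bytes" are made up.
INTEGRITY_KEY = b"constructed-demo-key"
KNOWN_IMAGES = {
    "lsass.exe": b"constructed image bytes A",
    "svchost.exe": b"constructed image bytes B",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _mac(hashes: list, key: bytes) -> str:
    # MAC over the serialized hash list; changes if any entry is added or removed.
    return hmac.new(key, json.dumps(hashes).encode(), hashlib.sha256).hexdigest()


def build_allowlist(images: dict, key: bytes) -> dict:
    """Database of known-good image hashes plus a MAC over its contents."""
    hashes = sorted(sha256_hex(b) for b in images.values())
    return {"hashes": hashes, "mac": _mac(hashes, key)}


def allowlist_intact(db: dict, key: bytes) -> bool:
    return hmac.compare_digest(_mac(db["hashes"], key), db["mac"])


def decide(image: bytes, db: dict, key: bytes, user_rules: dict) -> str:
    """Return 'allow', 'block' or 'prompt' for a process requesting a crypto call."""
    digest = sha256_hex(image)
    if digest in user_rules:           # remembered (permanent) Allow/Block answer
        return user_rules[digest]
    if not allowlist_intact(db, key):  # modified database: trust none of its entries
        return "prompt"
    return "allow" if digest in db["hashes"] else "prompt"


if __name__ == "__main__":
    db = build_allowlist(KNOWN_IMAGES, INTEGRITY_KEY)
    print(decide(KNOWN_IMAGES["lsass.exe"], db, INTEGRITY_KEY, {}))
    print(decide(b"constructed unknown image", db, INTEGRITY_KEY, {}))
```
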
 




All times are GMT +1. The time now is 09:21 AM.

