Windows 10: AVLab ransomware test/October 2016

AVLab ransomware test/October 2016


Full pdf report: https://avlab.pl/sites/default/files...ransomware.pdf

For software indented for protecting home users and micro businesses computers:

Best +++

Arcabit Internet Security
Comodo Cloud Antivirus
Emsisoft Internet Security 11
Emsisoft Internet Security 12
Foltyn SecurityShield
F-Secure SAFE
G DATA Internet Security
Kaspersky Internet Security 2017
Qihoo 360 Total Security
SecureAPlus Premium
Trend Micro Internet Security 2017
Voodoo Shield Pro
Zemana Antimalware Premium
ZoneAlarm Internet Security Suite

Best ++
Avast Internet Security 2016
Avira Internet Security Suite
Bitdefender Antivirus Free Edition
Bitdefender Internet Security 2017
Dr. Web Space Security
ESET Smart Security 10 (BETA)
TrustPort Internet Security

Good+
Avast Free Antivirus 2016
AVG AntiVirus Free Edition
AVG Internet Security
Comodo Internet Security 8

Average
Ad-Aware Free Antivirus
ESET Smart Security 9
FortiClient FreeNorton Security
Panda Internet Security
Sophos HOME

Tested
Malwarebytes Anti-Malware Premium
McAfee LiveSafeWebroot SecureAnywhere Comlpete
Avira Free Antivirus
Dr Web Katana
Panda Free Antivirus
Comodo Internet Security Pro 10 (BETA)
Windows Defender
Malwarebytes Anti-Ransomware (BETA)

For software indented for protecting small and medium businesses workstations:

Best +++
Arcabit Endpoint Security
Comodo ONE Enterprise
Emsisoft Anti-Malware for endpoints
F-Secure Protection Servicefor Business
G DATA Client Security Business
Kaspersky Endpoint Security 10 for Windows
Seqrite Endpoint SecurityEnterprise Suite
Sophos Endpoint Protection

Best++
Avast for Business Endpoint Security
AVAST for Business Basic
Avira AntiVirus Business Edition
Bitdefender GravityZone
Kaspersky Anti-Ransomware Toolfor Business
Panda Adaptive Defense

Good+
Avira Antivirus for Endpoint
ESET Endpoint Security

Average

- none -

Tested
Trend Micro Worry-Free Business Security



:)

 

We detect this ransomware as Ransom:Win32/ZCryptor.A.

If your files were encrypted I suggest you refer to the following:

Zcrypt Ransomware Support and Help Topic (.Zcrypt How to decrypt files.html)

Zcrypt Ransomware Support and Help Topic (.Zcrypt How to decrypt files.html) - Ransomware Help & Tech Support

Additional information:

The Week in Ransomware - May 27 2016 - Zcrypt, Jigsaw, and More (The Zcrypt Ransomware is Released-May 24th 2016)

The Week in Ransomware - May 27 2016 - Zcrypt, Jigsaw, and More

Link (.lnk) to Ransom

Link (.lnk) to Ransom

~

 

How crypto ransomware spreads... is it decryptable...should I pay the ransom

Before You Pay that Ransomware Demand…

Before You Pay that Ransomware Demand… — Krebs on Security

FWIW I believe it's evident that 2017 will bring botnets more into play as ransomware threat.

~rhab

 

RubberDucky,

Thanks for the interesting info.

 

I use Kaspersky Internet Security since I get it free from my bank. However, I have some concerns since it's a Russian firm - but is a US firm any safer considering US government influence?

 

Hi there

the BEST protection against Ransomware is a CLEAN BACKUP -- then if you are unfortunate enough to get Ransomware simply RESTORE system -- don't shut down normally - POWER OFF immediately via Power switch and restore your system from backup say on USB device. If in "Paranoia mode" then format HDD also before restoring - but usually a system restore will be just fine.

I wonder though how many people have actually had Ransomware -- it seems to come from email links --I can't believe after the number of warnings people have against opening unknown email links etc they still fall into the trap.

One problem with AV software is how do you distinguish between a Normal (application type) program and a piece of malware. Unless you have an up to date image of every possible program on the planet AV wont detect a lot of these.

AV software can detect if central resources etc are being attacked such as altering HDD boot sectors or fiddling with the kernel -- but say you wrote a standard piece of basic code to read a directory and write Hex'00' to every file in the directory I'm not sure if Any AV program would detect this as a rogue program - especially if YOU are running it - even as a background program.

One can quite easily WRECK a system just by bad (or deliberate) programming without having to make any "memory calls", BIOS calls, use Windows undocumented special features etc.

Just try it on a VM if you can do any coding and see if your AV detects it !!!!! - Save any critical data first before trying this experiment --which is why I suggest doing this on an ISOLATED VM not connected to your HOST / LAN via a network.

The main security problem with Windows is the design of Windows itself on Home computers -- usually SINGLE USER systems where user is "The system administrator" and has access to all the resources.

At least with Linux you have to run as root to do serious damage - although any user can destroy their own files by accident easily enough..

People need to specify a bit more "What are they actually protecting themselves against" - the answers might be quite interesting of course.

Cheers
jimbo

 

WD last, as always, who would have thought?! I wonder, what happens, once they implement ATP, it looks promising.
I think I am gonna replace Avast Free on my mom's computer to Qihoo Essential again. Hope it will run better this time.

Something to watch, if you are interested in ransomware's detection: www.youtube.com/channel/UC6rpY1_vDoNV2AhS63enMZg

 

Just curious, what is indented software?

 

Hi there

also nobody seems to answer my question is on "What exactly is malware", how do you identify it correctly and why isn't a badly written or intentional user program such as my example as reading a file directory with a simple visual basic program (or even any FREE version of Basic / or a script) which can then write Hex '00' to every file in the directory regarded as "Malware".

I should think simple program like that - can't be more than a few lines of code -- could do a lot of damage and in my book that definitely would be classed as malware if run uncontrolled on people's computers.

Cheers
jimbo

 

Autocorrect/spelling error?

I imagine when the report says "software indented for" they mean "software intended for".

 

Most likely. Guess somebody didn't proof read.