
  • Administrators
Posted

Simulation tests do not tell anything about how a particular AV would perform in the real world with actual malware. We don't react to it rather deliberately.

  • ESET Insiders
Posted
4 minutes ago, Marcos said:

Simulation tests do not tell anything about how a particular AV would perform in the real world with actual malware. We don't react to it rather deliberately.

Don't these tests act like real ransomware? Why doesn't ESET block the operation of encrypting these files?

  • Administrators
Posted

It would be easy if ransomware actually worked like the simulator, but since there are numerous ways to encrypt files, actual malware usually works differently. Moreover, the simulator won't encrypt your own files, plus it's already relatively widespread, which are other factors that substantially affect detection.

Posted (edited)

I will say this.

If one wants to test a security product's ransomware detection capability, go to GitHub and download one of the "educational" ransomware there. These actually encrypt your My Documents, etc. folders and provide a decryption key to unencrypt your files. Obviously, do so at your own peril and ensure all your folders are backed up prior to testing.

Ref.: https://github.com/Sh1n0g1/ShinoLocker

Details here: https://www.bleepingcomputer.com/news/security/new-educational-shinolocker-ransomware-project-released/

For the truly adventurous, "go for the full monty" and use actual ransomware: https://github.com/FozzieHi/Ransomware

Edited by itman
  • ESET Insiders
Posted
5 hours ago, itman said:

Yikes! This is still coming up after three years.

I wrote about this here: https://forum.eset.com/topic/10792-ransomware-simulators-a-detailed-analysis/ and methods employed by RanSim and why ESET ignores their tests.

I remember I did read something about it, but I searched and didn't find anything. Thanks for the info.

Posted (edited)

Finally, when it comes to ransomware, you could just find yourself plain screwed.

Such was the case last year when a security researcher discovered a vulnerability in Windows' Encrypting File System, i.e. EFS, that would allow an attacker to deploy it to maliciously encrypt a target's files. Microsoft, as expected, initially "pooh-poohed" it but came to its senses and patched it. This one caused ESET and a whole bunch of other AV vendors to issue security advisories. Luckily, this one wasn't exploited in-the-wild.

Ref.: https://safebreach.com/Post/EFS-Ransomware

Edited by itman
This topic is now closed to further replies.