Jump to content

Recommended Posts

  • Administrators

Simulation tests do not tell anything about how a particular AV would perform in a real world with actual malware. We don't react to it rather deliberately.

Link to post
Share on other sites
  • ESET Insiders
4 minutes ago, Marcos said:

Simulation tests do not tell anything about how a particular AV would perform in a real world with actual malware. We don't react to it rather deliberately.

Isn't these testes act like a real ransomware ? why ESET don't block the operation of encrypting these files ?

Link to post
Share on other sites
  • Administrators

It would be easy if ransomware actually worked like the simulator but since there are numerous ways how to encrypt files, actual malware usually works differently. Moreover, the simulator won't encrypt your own files plus it's relatively already widespread which are another factors that substantially affect detection.

Link to post
Share on other sites

I will say this.

If one wants to test a security product's ransomware detection capability, go to Github and download one of the "educational" ransomware there. These actually encrypt your My documents, etc. folders and provide a decyption key to unencrypt your files. Obviously, do so at your own peril and ensure all your folders are backed up prior to testing.

Ref.: https://github.com/Sh1n0g1/ShinoLocker

Details here: https://www.bleepingcomputer.com/news/security/new-educational-shinolocker-ransomware-project-released/

For the truly adventuous, "go for the full monte" and use actual ransomware: https://github.com/FozzieHi/Ransomware

Edited by itman
Link to post
Share on other sites
  • ESET Insiders
5 hours ago, itman said:

Yikes! This is still coming up after three years.

I wrote about this here: https://forum.eset.com/topic/10792-ransomware-simulators-a-detailed-analysis/ and methods employed by Ransim and why Eset ignores their tests.

I remember i did read something about it but did search and didn't find anything, thanks for the info

Link to post
Share on other sites

Finally when it comes to ransomware, you could just find yourself plain screwed.

Such was the case last year when a security researcher discovered a vulnerability in the Win's Encrypting File System; i.e. EFS, that would allow an attacker to deploy that to maliciously encrypt a target's files. Microsoft, as expected, initially "pooh-pooh" it but came to its senses and patched it. This one caused Eset and a whole bunch of other AV vendors to issue security advisories. Luckily, this one wasn't exploited in-the-wild.

Ref.: https://safebreach.com/Post/EFS-Ransomware

Edited by itman
Link to post
Share on other sites
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...