How it works internally I wonder ? From my knowledge ransomware is form of a rootkit, which operates on low level by hooking APIs working with files and encrypting/decrypting doing there - meaning from windows everything looks pretty much normal, until hook is removed - only then encryption is visible, right ?
So this 'buster' is something like 'Unhackme' or similar software hooking itself even somewhere lower (as dangerous as it sounds, makes it pretty much rootkit itself!) or it is just 'monitoring' windows file API activities (as useless as it sounds for finding ransomware) ?

dex tarafından yorumlandı  –  2 years ago  –  Bu yorumu yararlı buldunuz mu? evet | hayır (-3)

Çevir

dex, Not all ransomware are rootkits; most of them run in the User Mode which makes all their malicious and encryption activity visible to the OS and other apps. The current CryptoBuster Beta can only monitor and respond to IO activities made to honeypots or other file types monitored by the File Extensions Monitor. When a malicious IO activity is detected, CryptoBuster will respond with a variety of actions configured by the user. Those actions aim to halt the ransomware encryption activity, thus minimizing the damage.

Please be informed that CryptoBuster is designed to work with other security apps, so it can't offer full protection against ransomware by itself.

We are working on a file system driver for CryptoBuster that will not only allow CryptoBuster to monitor and respond to malicious activities, but it would allow the app to intercept and prevent honeypot modifications and other IO activities at the Kernel level.

dex, Not all ransomware are rootkits; most of them run in the User Mode which makes all their malicious and encryption activity visible to the OS and other apps. The current CryptoBuster Beta can only monitor and respond to IO activities made to honeypots or other file types monitored by the File Extensions Monitor. When a malicious IO activity is detected, CryptoBuster will respond with a variety of actions configured by the user. Those actions aim to halt the ransomware encryption activity, thus minimizing the damage. Please be informed that CryptoBuster is designed to work with other security apps, so it can't offer full protection against ransomware by itself. We are working on a file system driver for CryptoBuster that will not only allow CryptoBuster to monitor and respond to malicious activities, but it would allow the app to intercept and prevent honeypot modifications and other IO activities at the Kernel level.
Save | Cancel

Smart PC Utilities tarafından yorumlandı  –  2 years ago  –  Bu yorumu yararlı buldunuz mu? evet | hayır (+17)

Çevir

Once installed, is there a way to test it to see if it actually works?

Wahtsup tarafından yorumlandı  –  2 years ago  –  Bu yorumu yararlı buldunuz mu? evet | hayır (+10)

Çevir

Port 139 is utilized by NetBIOS Session service. Enabling NetBIOS services provide access to shared resources like files and printers not only to your network computers but also to anyone across the internet. Therefore it is advisable to block port 139 in the Firewall.

Block It tarafından yorumlandı  –  2 years ago  –  Bu yorumu yararlı buldunuz mu? evet | hayır (+9)

Çevir

After installing

Unable to communicate with the Cryptobuster service

What should I do ???

Paweł tarafından yorumlandı  –  2 years ago  –  Bu yorumu yararlı buldunuz mu? evet | hayır (+8)

Çevir

Block ports 139 (NetBIOS), 445 (Server Message Block), and 3389 (Terminal Services). These are the ports that APT29 uses. APT29 is the Russian hacking group that is causing much of the ransomware attacks. You're wise if you block these ports on your machine(s).

Kirt Fisher tarafından yorumlandı  –  2 years ago  –  Bu yorumu yararlı buldunuz mu? evet | hayır (+7)

Çevir