Nytro

RansomWhere?


 Let's try to generically thwart OS X ransomware via math!

By continually monitoring the file-system for the creation of encrypted files by suspicious processes, RansomWhere? aims to protect your personal files, generically stopping ransomware in its tracks.
compatibility: OS X 10.8+ 
current version: 1.2.0 (change log)
zip's sha-1: e443ed8b67e548298cb86ccde293e24b1aa71e12 
 

 

Interested in the background research and design of this tool? See the blog post 'Towards Generic Ransomware Detection?'

Also, as with any security tool, direct or proactive attempts to specifically bypass RansomWhere?'s protections will likely succeed. A concerted effort has been made to be fully transparent about this, and to articulate the limitations of this tool. See the 'limitations' section below for more details.



RansomWhere? is a utility with a simple goal: generically thwart OS X ransomware. It does so by identifying a commonality of essentially all ransomware: the creation of encrypted files. Generally speaking, ransomware encrypts personal files on your computer, then demands payment (the ransom) in order for you to decrypt your files. If you fail to pay up, and don't have backups of your files, they may be lost forever - that sucks!

This tool attempts to generically prevent this by detecting untrusted processes that are encrypting your personal files. Once such a process is detected, RansomWhere? will stop the process in its tracks and present an alert to the user. If this suspected ransomware is indeed malicious, the user can terminate the process. On the other hand, if it's simply a false positive, the user can allow the process to continue executing.

 

More info: https://objective-see.com/products/ransomwhere.html
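
The detection loop described in the post (untrusted process, encrypted-looking output, suspend and ask the user), sketched as an added example that is not Objective-See's code. It assumes Shannon entropy as the "math"; the threshold, the per-process file count, the `Monitor` class and the process paths are all hypothetical.

```python
import math
import os
from collections import Counter, defaultdict

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "looks encrypted"
MAX_SUSPECT_FILES = 3    # assumed count of encrypted files before suspending

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, approaching 8.0 for random data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted(data: bytes) -> bool:
    # Short buffers cannot show high measured entropy, so they are skipped.
    return len(data) >= 1024 and shannon_entropy(data) >= ENTROPY_THRESHOLD

class Monitor:
    """Hypothetical per-process bookkeeping for file-write events."""

    def __init__(self, trusted):
        self.trusted = set(trusted)    # e.g. binaries the user already approved
        self.hits = defaultdict(int)   # encrypted-looking files per process
        self.suspended = set()         # processes awaiting a user decision

    def on_file_written(self, process: str, data: bytes) -> str:
        if process in self.trusted:
            return "allow"
        if process in self.suspended:
            return "suspend"
        if looks_encrypted(data):
            self.hits[process] += 1
            if self.hits[process] >= MAX_SUSPECT_FILES:
                self.suspended.add(process)  # stop it, then alert the user
                return "suspend"
        return "allow"

def demo():
    # Constructed events: os.urandom stands in for ciphertext written to disk.
    mon = Monitor(trusted={"/usr/bin/zip"})
    plain = b"Quarterly report draft. " * 200
    events = [("/tmp/unknown", plain)]
    events += [("/tmp/unknown", os.urandom(4096)) for _ in range(3)]
    events += [("/usr/bin/zip", os.urandom(4096))]
    return [mon.on_file_written(proc, data) for proc, data in events]

if __name__ == "__main__":
    print(demo())
```

Compressed archives and media also score close to 8 bits per byte, which is one reason an entropy check alone yields the false positives the post says the user can allow.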
