Yes, please!, I would also, like to see , how effective a trial of cynet that is against your ransomware? When you get a second...... would like to see. Kind regards,
Awesome. Question: couldn't ransomware be significantly mitigated if normal windows users had a function to not allow common extension (exe, pdf, jpg, word, etc) to be modified or deleted/replaced on a large scale? I mean, most of the files attacked are very know/common extensions and files that 99.9% of people would never even think about changing the extension or deleting/replacing on a massive scale.
A company I used to work for got hit with this just a couple of months ago. (I’m watching this to learn what they went through). The whole company was pretty much shut down for a few weeks because of this.
What happens if u r in the process of getting infected / getting a virus to run for a few seconds but it doesn't complete what it is supposed to ( like encryption ) and u immediately force shutdown your pc?
Most ransomware drops an autorun file to prevent shutdown from interrupting the encryption process, so it will restart once the PC is turned on again. (Maybe I made some grammatical mistakes, English is not my first language)
Given i designed Pictolocker as a proof of concept to fool common misconceptions i also made it work on network locations first. Not this aggressive since that would have been slower and i also needed to be able to control it but it would work from drive Z to C. It really helps the ransomware and its why i advocate for tripwire files on the network that shut the network drive down if deleted. Kinda surpriced they still go with the file extension and ransomnote mechanic though since that makes it much easier to block against it. It makes me wonder what this ransomware does if the file extension is blocked. Will it just delete the files or would it be a means of stopping it? I also was curious about the worm effect which you unfortunately didn't demonstrate.
I added my smb shared folders to the Windows Defender Ransomware protected access feature. Will this help? I added them on every computer that has access to these folders.
Hey, thanks for this vid! I have 2 questions: If a system infected by ransomware like Ryuk trying to encrypt files or infect other computers on the network, but these other computers are protected by strong antivirus and antimalware software, would the ransomware still be able to encrypt files or infect the other computers on the network? Can Ryuk spread from cell phones to computers on a network? Thanks in advance!
It depends on how the antivirus & ransomware work. Typical antivirus works detects ransomware based on its signature & behaviour. I cant rmbr but there's a paper specifically talking abt the loopholes.
Hi, Can you test you K7 Ultimate Security Infiniti Edition. When you get a second , would greatly appreciate...... Also, could do review on Ransomware Rewind Software< Please! Kind regards,
Hello. I want to get your opinion on which antivirus should I install on my pc. I use windows defender only. My usage is medium and i don't want that antivirus which takes a lot of processing power and ram...
The IPs listed are the entire private IP zone. Nothing to actually do from a networking perspective. A proper EDR solution like SentinelOne or Sophos InterceptX will prevent these attacks effectively. Cloud integration is essential for all AV systems
Waiting for Anti Virus /Anti Malware review for vintage laptop , have low hardware specs just don't know which to choose K9 antivirus or F-Secure Antivirus.
@@schrodinger_wave5933 I dont know about K9 but kaspersky is much lighter than F secure. I once tested how many antiviruses I could put on a single vm before it was unusable, i almost had to uninstall f secure because it was taking up over a gig of ram on a 4 gig vm. Maybe I got a memory leak or something butit was also using way more CPU up to 30% on a 3 core.
I can tell you the bare minimum to do it, but still recommend against it because one mistake and bad things can happen. 1. VM software that supports spoofing, virtualbox is a good choice here. 2. Some means of isolating your PC from the rest of the network. I use windscribe for this with its firewall set to block lan connections. 3. A VPN to avoid getting your internet connection terminated when you get malicious activity going. 4. Ways to keep the virus away from breaching your own data. This depends on the virus you want to play with. But with ransomware especially wormable ones you do NOT want any PC turned on with its valuable data connected. 5. (Optional) a means of spoofing the VM so that the virusses will think its a real PC. 6. (Only optional if you know for certain the sample can't breach VM's) Hardenend settings and updated vm software to prevent it breaching the vm. 7. A great antivirus on the host pc to hopefully catch it if it does escape your VM. All in all if you plan on getting into this start easy. I always loved fake antivirus programs. Adware can be fun to watch to. Stuff you can really see happen but won't cause a big problem if it escapes your VM. Save ransomware and especially wormable ransomware until you are 1000% certain what you are doing and are 100% gauranteed not to make a mistake in your security.
I got hit by ryuk last years the only thing i can say is Webroot is a piece of shit ... badactor disabled Windows Defender and Webroot hasn't seen anything at all. Very funny to see in webroot no threat detected when my computer is completely encrypted ...
Legends and kids are still waiting for Kaspersky vs Bitdefender 2021
Lol
Yes😂
@Heberth R. Kaspersky.. that will take even longer. Sometimes it can take 4 hours to full scan PC.
@Heberth R. Yeah bitdefender scans are very deep and complex compared to Kaspersky
Lol yes
One of the best malware analysis channels out there!
Yes, please!, I would also, like to see , how effective a trial of cynet that is against your ransomware?
When you get a second...... would like to see.
Kind regards,
WHAT A TIME TO BE ALIVE
1000 pp
Oh MY god its a stop sign
Finding nemo
Good analysis and demo of this new variant. Thanks for the intelligence 👍
Ryuk did nothing wrong, aside from that whole bringing the death note into the human world thing 😁
Heck yeah! Glad to see your cnannel growth 🙌
Nice. Good content as always. Appreciate it.
Awesome. Question: couldn't ransomware be significantly mitigated if normal windows users had a function to not allow common extension (exe, pdf, jpg, word, etc) to be modified or deleted/replaced on a large scale? I mean, most of the files attacked are very know/common extensions and files that 99.9% of people would never even think about changing the extension or deleting/replacing on a massive scale.
Thanks for this vid man, I work with malware analysis and was looking for this.
A company I used to work for got hit with this just a couple of months ago. (I’m watching this to learn what they went through). The whole company was pretty much shut down for a few weeks because of this.
Absolutely love your content :)
Ryuk sounds like an edgy teen name
it is name from death note
@@ae8177 Shinigami 🔥
Rudgard
@@erenyeagersasageyo what
@@ae8177 Ryuk is a Shinigami or demon
What happens if u r in the process of getting infected / getting a virus to run for a few seconds but it doesn't complete what it is supposed to ( like encryption ) and u immediately force shutdown your pc?
Good question
some file encrypted and some will be safe i guess (I am not sure because i am not try that but i tell you what i expect 😉
Most ransomware drops an autorun file to prevent shutdown from interrupting the encryption process, so it will restart once the PC is turned on again. (Maybe I made some grammatical mistakes, English is not my first language)
@@davidoff5898 makes sense. Your didn’t make any grammatical mistakes as far as I can tell, but I‘m not English either.
@@davidoff5898 Ok thanks
Given i designed Pictolocker as a proof of concept to fool common misconceptions i also made it work on network locations first. Not this aggressive since that would have been slower and i also needed to be able to control it but it would work from drive Z to C. It really helps the ransomware and its why i advocate for tripwire files on the network that shut the network drive down if deleted.
Kinda surpriced they still go with the file extension and ransomnote mechanic though since that makes it much easier to block against it. It makes me wonder what this ransomware does if the file extension is blocked. Will it just delete the files or would it be a means of stopping it?
I also was curious about the worm effect which you unfortunately didn't demonstrate.
I added my smb shared folders to the Windows Defender Ransomware protected access feature. Will this help? I added them on every computer that has access to these folders.
Hey, thanks for this vid! I have 2 questions: If a system infected by ransomware like Ryuk trying to encrypt files or infect other computers on the network, but these other computers are protected by strong antivirus and antimalware software, would the ransomware still be able to encrypt files or infect the other computers on the network? Can Ryuk spread from cell phones to computers on a network? Thanks in advance!
It depends on how the antivirus & ransomware work. Typical antivirus works detects ransomware based on its signature & behaviour. I cant rmbr but there's a paper specifically talking abt the loopholes.
Hi,
Can you test you K7 Ultimate Security Infiniti Edition.
When you get a second , would greatly appreciate......
Also, could do review on Ransomware Rewind Software<
Please!
Kind regards,
new video 👍👍
@ThePCSecurityChannel If you don't mind me asking, out of all of the ransomware tests you did, which one would you recommend for consumers?
Please test avast free again, it haves free ransomware shield now.
Really?!
@@ultralaggerREV1 yes
Im pretty sure it had ransomware shield in his last test. I could be wrong though been a while since i watched it.
@@BlueV1 it didnt, it was like 6-8 months ago, when it didnt have it
Hello. I want to get your opinion on which antivirus should I install on my pc. I use windows defender only. My usage is medium and i don't want that antivirus which takes a lot of processing power and ram...
Another ransomware I don't need to worry about thanks to Malwarebytes.
True because Malwabytes real time protection slows the computer down so much, not much else can run
In another video, Ryuk was able to shutdown Malwarebytes immediately and go on with the encryption process as usual.
I jave deleteted windscribe but i checked task manager and it is showing windscribe in startup can i fix it ??
@Diego Carlos Shut up
I almost fell asleep watching this on bed
Hi, love your vids. Also I am early
Nice video, I just like to ask if you have a memory sample or can image one for memory forensics and behavioral analysis
The IPs listed are the entire private IP zone. Nothing to actually do from a networking perspective. A proper EDR solution like SentinelOne or Sophos InterceptX will prevent these attacks effectively. Cloud integration is essential for all AV systems
Hi, can you test backup solutions against ransomware? Specially the Widows native backups.
Thanks for the video =)
Can you try testing a trial if cynet and see how effective that is against any ransomware?
Can you do a demo on medusalocker ransomware?
no body is talking about that ryuk is from death note man. damn. don't you guys watch death note.
But why this demos are without windows defender? Can we try to see a demo of a system updated?
How you got malware to analyze?? Isnt it dangerous?
Sh*t, Kira is attacking!
BiG FAN SIR .....
12cm RGB FAN?
what happens with hidden and read only folders?
Still waiting for Kaspersky vs bitdefender
I somehow got infected with a rw, a .cadq encryption. I believe it is an online encryption, any chance of having +200 GB of files back?
wouldnt this be linked to EternalBlue?
Is that exploit still working?
*Imagine forgetting to run everything in a virtual machine then realizing that your PC is infected....*
Waiting for Anti Virus /Anti Malware review for vintage laptop , have low hardware specs just don't know which to choose K9 antivirus or F-Secure Antivirus.
Have you considered kaspersky at all?
@@BlueV1 i don't think kaspersky will work fine on laptop with 2 GB ram and intel pentium dual core processor.
@@schrodinger_wave5933 I dont know about K9 but kaspersky is much lighter than F secure. I once tested how many antiviruses I could put on a single vm before it was unusable, i almost had to uninstall f secure because it was taking up over a gig of ram on a 4 gig vm. Maybe I got a memory leak or something butit was also using way more CPU up to 30% on a 3 core.
@@BlueV1 Kaspersky cloud free has a firewall?
@@sudonsudo4632 I dont think so but I could be wrong I prefer to use comodo firewall anyway.
where find the ransomware ? to try
I came to the channel to see whether I could use only Windows Defender and if AVG was garbage. But I stay just for his voice, lol.
I have a ransomware with an ft4eg extension, Sodinokibi (REvil) Ransomware , can you decode it, thanks
try it on IDRansomware, if it says that it's decryptable, then most probably it is.
Dm
any link for ryuk to do a lab ?
*Please review ClamAV....* 🔥🔥
ClamAV has always sucked. Its way worse than Windows Defender.
ClamAV is always shit
@@Henk717 It's in fact very old, it was maybe good in 2004 or 2005.
So do they just write your pc in the death note ?
where can i download ryuk virus?
Can you do a Ransomware vs K7 Total Security??
unrelated: it isn’t pronounced “rī-ük” it is pronounced “rē-ūk”
MORE!
Next vid avast vs ryuk
Can you make video on safe vm to try.viruses?
Virtualbox for free, vmware is paid, but bit better, and use vpn to try em
What’s a good vpn that’s free or like cheap that works
@@Forp777 Nord vpn or Proton vpn
I can tell you the bare minimum to do it, but still recommend against it because one mistake and bad things can happen.
1. VM software that supports spoofing, virtualbox is a good choice here.
2. Some means of isolating your PC from the rest of the network. I use windscribe for this with its firewall set to block lan connections.
3. A VPN to avoid getting your internet connection terminated when you get malicious activity going.
4. Ways to keep the virus away from breaching your own data. This depends on the virus you want to play with. But with ransomware especially wormable ones you do NOT want any PC turned on with its valuable data connected.
5. (Optional) a means of spoofing the VM so that the virusses will think its a real PC.
6. (Only optional if you know for certain the sample can't breach VM's) Hardenend settings and updated vm software to prevent it breaching the vm.
7. A great antivirus on the host pc to hopefully catch it if it does escape your VM.
All in all if you plan on getting into this start easy. I always loved fake antivirus programs. Adware can be fun to watch to. Stuff you can really see happen but won't cause a big problem if it escapes your VM. Save ransomware and especially wormable ransomware until you are 1000% certain what you are doing and are 100% gauranteed not to make a mistake in your security.
@@asil6077 ok sounds good
Why can't you bash the encryption file all the decryption software on the internet just try each one find the matching code hey sesame back in
bro hablas español o ingles buen video
Can you make a video to how you test the av
can I get a link to the virus total page for this?
Hey leo!
Thanks for the video. Would be good to get your thoughts on the hack of Acer Corporation’s systems which has been in the news.
Ayo osu player ransomware?
yes
Oh my god its a stop sign
can it encrypt linux file system also ?
Had the same issue until someone recommended me to *roticman* on Instagram and he did fixed mine successful.
Please could you do a McAfee test for 2021
I got hit by ryuk last years the only thing i can say is Webroot is a piece of shit ... badactor disabled Windows Defender and Webroot hasn't seen anything at all. Very funny to see in webroot no threat detected when my computer is completely encrypted ...
0:05, It's pronounced R-ee-uk, not Riek!
Who cares
@@user-mk2su9fd2v The majority of anime fans who are aware of the significance, except you
ReeYouKay
Malwarebytes gets terminated by ryuk
i thought deathnote but its ok
Best antivirus without sponsor is...?
it's ruyuk not "riuk"
1 view and 9 likes 😕
TH-cam can be slow to update things like this
death note???
ReeyouKay
Hi
test mcafee please pro
Better call the L
try Net Protector Anti virus
National geographic god dammit
Hehe
young Jamie &&&&&&& redban &&&&&&&& & XENA &&&& Joey Diaz
First
Appreciate the content, but it must have been aimed at those already PC literate.
9004 HANFORD ave HESPERIA
Hi