takeoff342

CLOSED Not detected Ransom in the Video


Hello Emsi Team,

Here is a very new video in which a well-known and good tester tested the new V12 Beta. In the result of this video you can see that Emsisoft has not detected a ransom.

Now I would love to ask how that can be, because your new BB especially is trained to detect all forms of ransomware. Maybe it would be good if you got in contact with the hoster, got the sample and tested it yourself.

Do you have an answer as to why the ransom is not detected?

Thanks in advance. Chris


Just because some product calls it ransomware doesn't mean it has to be. There are dozens of reasons why this could have happened. The most likely one, given the fact that none of the files were even encrypted, is that the ransomware's C2 servers simply have been taken down already. So the file would never actually encrypt anything, which is kind of what we are looking for. There are also several ransomware families out there that simply will not attempt to encrypt any files if the system is running EAM. Cerber being one of those families for example.


Many thanks, Fabian, for your fast reply.

I have another question. I'll ask it in German, because my English is not that good; of course you can answer in English:

What I absolutely do not understand: why has Emsi, in the new version V12, removed the option to upload samples via the quarantine? I did that so often: e-mail attachments that arrived and were suspicious went into the quarantine and were uploaded. The advantage was that you could see when it was uploaded, when it was then detected, and the name of the threat. Why would you remove that? Especially when you (should) value having a well-fed cloud. Sure, there is the option to upload samples via the website, but sorry, that is by far not the same.

I almost have to say sorry, but as often and gladly as I used to submit samples simply and quickly via the quarantine, doing it through a website is that cumbersome for me. Besides, this upload function in the program itself is also easier for inexperienced users.

At the very least, it could be built into the program that pressing the button automatically takes you to the corresponding website.

Would someone from Emsi be willing to explain to me, in a way I can follow, why this option was removed?

Thanks again a lot for the answer.


The submit feature has been abused by people in the past far too many times. In the end, 99.99% of the files people submit through it are just garbage. Are there a handful of people who may have used it for its intended purposes? Yes. But the overwhelming majority just uploaded a bunch of garbage, combined with support requests etc. and just got upset if nobody replied to them. It's simply not worth the trouble it causes.

This topic is now closed to further replies.
