
CyberSight RansomStopper

Your antivirus or security suite really ought to protect you against ransomware, along with all other kinds of malware. There might be an occasional slipup with a never-before-seen attack, but those unknowns rapidly become known. Unfortunately, ex post facto removal of ransomware still leaves your files encrypted. That’s why you may want to add a ransomware protection utility to your arsenal. The free CyberSight RansomStopper stopped real-world ransomware in testing, but can have a problem with ransomware that only runs at boot time.

Similar Products

RansomStopper is quite similar to Cybereason RansomFree, Trend Micro RansomBuster, and Malwarebytes Anti-Ransomware Beta. All four are free, and all detect ransomware based on its behavior. Since they rely on behavior, it doesn’t matter whether the ransomware is an old, known quantity or a just-created zero-day attack. Like RansomFree, RansomStopper uses bait files as part of its detection methodology. However, RansomStopper hides its bait files from the user.

Getting Started

Installation went quickly in my testing. After the download, I completed the process by entering my first and last name and email address. Once I responded to the confirmation email, the product was up and running.

The product’s simple main window reports that “You are protected from ransomware.” Buttons across the bottom let you view security alerts, processes RansomStopper has blocked, and processes you’ve chosen to allow. Another button lets you check for updates, if you didn’t select automatic updates during installation. Simple!

CyberSight also offers a business edition. Added features include email alerts, centralized administration, and detailed reports. The business edition costs $29.99 for a single license, though the price drops to as low as $10 per seat with volume licensing.

Ransomware Protection

When RansomStopper detects a ransomware attack, it terminates the offending process and pops up a warning in the notification area. Clicking the warning lets you see what file caused the problem. There’s an option to remove programs from the blocked processes list—along with a warning that doing so is a bad idea.

Waiting to detect ransomware behavior can sometimes mean that the ransomware encrypts a few files before termination. When I tested Malwarebytes, it did lose a few files this way. Check Point ZoneAlarm Anti-Ransomware actively recovers any encrypted files. In my testing, it did so for every ransomware sample. ZoneAlarm’s only error was one instance of reporting failure when it had actually succeeded.

For a quick sanity check, I launched a simple fake ransomware program that I wrote myself. All it does is look for text files in and below the Documents folder and encrypt them. It uses a simple, reversible cipher, so a second run restores the files. RansomStopper caught it and prevented its chicanery. So far so good.

Caution, Live Ransomware

The only sure way to test behavior-based ransomware protection is by using live ransomware. I do this very cautiously, isolating my virtual machine test system from any shared folders and from the internet.

This test can be harrowing if the anti-ransomware product fails its detection, but my RansomStopper test went smoothly. Like ZoneAlarm and Malwarebytes, RansomStopper caught all the samples, and I didn’t find any files encrypted before behavioral detection kicked in. Cybereason RansomFree did pretty well, but it missed one.

I also test using KnowBe4’s RanSim, a utility that simulates 10 types of ransomware attack. Success in this test is useful information, but failure can simply mean that the behavior-based detection correctly determined that the simulations are not real ransomware. Like RansomFree, RansomStopper ignored the simulations.

Boot-Time Danger

Keeping under the radar is a big deal for ransomware. When possible, it does its dirty deeds silently, only coming forward with its ransom demand after encrypting your files. Having administrator privileges makes ransomware’s job easier, but getting to that point typically requires permission from the user. There are workarounds to get those privileges silently. These include arranging to piggyback on the Winlogon process at boot time, or setting a scheduled task for boot time. Typically, the ransomware just arranges to launch at boot and then forces a reboot, without performing any encryption tasks.

I mention this because I discovered that ransomware can encrypt files at boot time before RansomStopper kicks in. My own fake encryption program managed that feat. It encrypted all text files in and below the Documents folder, including RansomStopper’s bait text file. (Yes, that file is in a folder that RansomStopper actively hides, but I have my methods…)

I reverted the virtual machine and tried again, this time setting a real-world ransomware sample to launch at startup. It encrypted my files and displayed its ransom note before RansomStopper loaded. From my CyberSight contact I learned that they’re “testing several solutions” for this problem, and that an update in the next few weeks should take care of it. I’ll update this review when a solution becomes available.

RansomFree runs as a service, so it’s active before any regular process. When I performed the same test, setting a real-world ransomware sample to launch at startup, RansomFree caught it. Malwarebytes also passed this test. RansomBuster detected the boot-time attack and recovered the affected files.

To further explore this problem, I obtained a sample of the Petya ransomware that caused trouble earlier this year. This particular strain crashes the system and then simulates boot-time repair by CHKDSK. What it’s actually doing is encrypting your hard drive. Malwarebytes, RansomFree, and RansomBuster all failed to prevent this attack. RansomStopper caught it before it could cause the system crash—impressive! To be fair to the others, this one is not a typical file encryptor ransomware. Rather, it locks the entire system by encrypting the hard drive.

Querying my contacts, I did learn that boot-time ransomware attacks, including Petya, are becoming less common. Even so, I’m adding this test to my repertoire.
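The boot-time gap described above suggests one check a bait-file monitor can make when it starts: compare its bait files against a baseline recorded earlier, so that changes made before the monitor loaded are still noticed (after the fact, not prevented). This is an added example, not RansomStopper's code; the bait names, paths and function names are assumptions, and the changes made in `demo()` are constructed.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Hypothetical bait names; a real product hides its own and does not publish them.
BAIT_NAMES = ("~aaa_budget.txt", "~zzz_notes.txt")


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def plant_bait(folder: Path, baseline: Path, names=BAIT_NAMES) -> dict:
    """Create bait files and persist their hashes so a later run can compare."""
    folder.mkdir(parents=True, exist_ok=True)
    record = {}
    for name in names:
        bait = folder / name
        bait.write_text(f"bait file {name}: do not edit\n" * 20, encoding="utf-8")
        record[str(bait)] = sha256_file(bait)
    baseline.write_text(json.dumps(record, indent=2), encoding="utf-8")
    return record


def check_bait(baseline: Path) -> dict:
    """Return {path: 'ok' | 'modified' | 'missing'} against the stored baseline."""
    record = json.loads(baseline.read_text(encoding="utf-8"))
    status = {}
    for path_str, expected in record.items():
        path = Path(path_str)
        if not path.is_file():
            status[path_str] = "missing"   # deleted, or renamed with a new extension
        elif sha256_file(path) != expected:
            status[path_str] = "modified"  # content rewritten in place
        else:
            status[path_str] = "ok"
    return status


def tampered(status: dict) -> list:
    """Paths whose state differs from the baseline; non-empty means raise an alert."""
    return sorted(p for p, s in status.items() if s != "ok")


def demo() -> dict:
    """Plant bait, change it while no monitor is running, then run the startup check."""
    with tempfile.TemporaryDirectory() as tmp:
        docs = Path(tmp) / "Documents"
        baseline = Path(tmp) / "state" / "baseline.json"
        baseline.parent.mkdir()
        plant_bait(docs, baseline)
        assert tampered(check_bait(baseline)) == []  # clean state right after planting

        # Constructed stand-in for changes made before the monitor loaded:
        # one bait file rewritten in place, the other renamed with a new extension.
        first, second = (docs / n for n in BAIT_NAMES)
        first.write_bytes(b"\x00" * 64)
        second.rename(second.with_name(second.name + ".locked"))

        status = check_bait(baseline)
        return {Path(p).name: s for p, s in status.items()}


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name}: {state}")
```

The baseline is only trustworthy if it lives where ordinary user processes cannot write, and a startup check like this reports damage rather than stopping it.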

Other Techniques

Behavior-based detection, when implemented properly, is an excellent way to fight ransomware. However, it’s not the only way. Trend Micro RansomBuster and Bitdefender Antivirus Plus are among those that foil ransomware by controlling file access. They prevent untrusted programs from making any change to files in protected folders. If an untrusted program tries to modify your files, you get a notification. Typically, you get the option to add the unknown program to the trusted list. That can be handy if the blocked program was your new text or photo editor. Panda Internet Security goes even farther, preventing untrusted programs from even reading data from protected files.

Ransomware crooks need to take care that they’ll be able to decrypt files when the victim pays up. Encrypting files more than once could interfere with recovery, so most include a marker of some kind to prevent a second attack. Bitdefender Anti-Ransomware leverages that technique to fool specific ransomware families into thinking they’ve already attacked you. Note, though, that this technique can’t do a thing about brand-new ransomware types.

When Webroot SecureAnywhere AntiVirus encounters an unknown process, it starts journaling all activity by that process, and sending data to the cloud for analysis. If the process proves to be malware, Webroot rolls back everything it did, even rolling back ransomware activity. ZoneAlarm and RansomBuster have their own methods for recovering files. When the anti-ransomware component of Acronis True Image kills off a ransomware attack, it can restore encrypted files from its own secure backup if necessary.

Give It a Try

CyberSight RansomStopper detected and blocked all my real-world ransomware samples without losing any files. It also detected my simple hand-coded ransomware simulator. And it blocked an attack by Petya, where several competing products failed.

RansomStopper did exhibit a vulnerability to ransomware that only runs at boot time, but my sources say this type of attack is becoming less common, and CyberSight is working on a solution. Other free products had their own problems. RansomFree missed one real-world sample, and Malwarebytes let another sample encrypt a few files before its detection kicked in. RansomBuster fared worse, missing half the samples completely (though its Folder Shield component protected most files).

Check Point ZoneAlarm Anti-Ransomware remains our Editors’ Choice for dedicated ransomware protection. It’s not free, but at $2.99 per month it’s also not terribly expensive. If that still seems too steep, give the three free utilities a try, and see which one you like best.

For Sale – Macbook Pro 13 (4 days old)

Hi chaps.

I made a rash impulse buy on Monday and I’m now regretting it!

This is the basic Macbook Pro in Space Grey.

I have the receipt from PC world in Moorgate (London) dated 11th December.

It cost me £1149, but I’m listing it for £100 less.

It’s been used for maybe one hour, so I doubt I can return it.

Let me know if you want pics etc, obviously it will be boxed as new.

Cheers :)

Price and currency: 1050
Delivery: Delivery cost is not included
Payment method: BT PPG
Location: Epping, Essex
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

______________________________________________________
This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

For Sale – MacBook Air 13″ – 4GB RAM, 128GB SSD, i5 – 2011

Hi,

For sale is my 2011 MacBook Air 13″, bought off of these forums around 5 years ago now.

It is the i5, 4GB, 128GB SSD version. It has a fresh install of macOS Sierra (10.12).

There are a few scratches on the top as shown in the pics (I always had a skin installed on the top, the scratches were there when I purchased). And as usual with these laptops, some scratches and small dents on the bottom side. There are also a couple of screws missing, they seem to work themselves loose over time!

The screen is in good condition but has some faint marks from where the keyboard touches the screen when the laptop is closed – again, a common sight with these. There is a single stuck pixel near the middle of the screen, the only way you can really see it is with a completely black screen. It’s not very bright, just stuck.

The entire of the internals were replaced by Apple under warranty in Oct 2013. Battery life is approx. 2:30 in general use, which for me is normally 20+ chrome tabs, Outlook, etc. In the battery menu it says ‘service battery’ but it has been this way for a couple of years now and I have had no problems.

The charger is a genuine Apple unit, but the casing is a bit loose. I did glue it back together but it’s come loose again. The good thing is that the magsafe end is in good condition with no frays etc.

Laptop comes with the original box. Postage included in the asking price – ParcelForce 48 with insurance.

Price and currency: 250
Delivery: Delivery cost is included within my country
Payment method: BT, PayPal Gift, cash on collection
Location: Nottingham, NG7
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference


For Sale – Dell XPS 9365 2 in 1 – i7 – 8GB – 512GB – QHD + Extras

Dell XPS 9365 2 in 1 – i7 (7th Gen) – 8GB – 512GB – QHD + Extras

Received this as a gift – pretty much top of the range spec and in excellent condition – used for approx 1 monthish – comes with the remainder of the 12 month warranty – expires 2nd October 2018.

This is similar model: XPS 13 Inch 2-in-1 Laptop | Dell UK

Black carbon skin applied to the top and bottom of the laptop

Comes with USB-C – converters – the original dell and an additional converter giving you HDMI, Ethernet and USB

Also comes with the Dell Stylus (one of the best features IMO)

For transparency, I believe this is a dell outlet laptop due to the box that it came in (wasn’t the fancy black box that XPS’s come in).

Only selling as, even though the laptop is phenomenal, I find I keep using my desktop more than anything.

Price does not include delivery, and as the current retail price is £1,749 for this laptop, I feel this price is pretty good – but I am open to offers!

Would prefer this to be collected – postage and responsibility for any damage will be on the buyer – will need to know if want posting as will need to obtain sufficient packaging – postage label to be provided by buyer.

Price and currency: 1500 NOW £1250
Delivery: Goods must be exchanged in person
Payment method: BACS or cash on collection
Location: Preston
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected


For Sale – Asus X551C Laptop – i3 3127U, 4 GB Ram, HD4000gfx, 500GB HDD

I purchased this laptop from a member on another classified forum not too long ago, around mid November. I no longer have a use for the laptop so I am going to sell it on. Since I’ve had the laptop I added a new battery.

It will need an operating system installing

Specs: i3 3127U, 4 gb Ram,HD4000gfx and 500gb hdd

Pictures – (These are the pictures the last owner sent me but condition is exactly the same)

Imgur: The magic of the Internet

With the cost of the new battery, I’d like to get back what I paid. £110 including delivery

Price and currency: £110
Delivery: Delivery cost is included within my country
Payment method: bank transfer
Location: stoke on trent
Advertised elsewhere?: Advertised elsewhere
Prefer goods collected?: I have no preference


For Sale – Lenovo X220 i5 – 8GB memory – Storage 300GB – Windows 10

I have for sale a Lenovo Thinkpad X220 laptop in excellent condition. It’s fast, with an excellent screen. Excellent for work or entertainment, or both.

i5 2520m cpu@ 2.5ghz 2.5ghz

300gb storage

8gb memory

12″ screen

Windows 10

Battery life is around 2 hours, give or take 10 minutes or so

Exterior and screen in excellent condition

Lightweight so is easy to carry

Comes with charger adapter plug

I will be posting recorded delivery, which is included in the price.

Payment will need to be made first. Laptop will be delivered to you on the 23rd or 24th of December. I need to keep it for a week (until new one comes) as I am currently using this for work.

Price and currency: 140
Delivery: Delivery cost is included within my country
Payment method: Bank Transfer
Location: London
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference


For Sale – Last of the Iconic Sony Vaio Z Series

**Last of the iconic Sony Vaio Z series laptops**

For sale is my well cared for carbon fibre Sony Vaio Z Series which I have owned since new. This cost me £1250 when new so grab yourself a bargain!!

I am asking for £350 collected. Hopefully, some thumbnails will be attached below. I’m happy to ship via RMSD at the buyer’s cost. I have all the original packing.

It’s a stonking performer with 256GB SSD drive, 8GB RAM and a fantastic 13.1″ full HD 1920×1080 display. It is the Wi-Fi plus wireless broadband version that accepts a standard SIM card for mobile data access.

It was my daily workhorse until early last year when I bought a rather poor Lenovo replacement.

It is absolutely complete with all the original packaging – even down to the plastic mains lead cover and twisty tie!! It can be shipped having been securely wiped and rebuilt to the factory defaults of Windows 7 Professional plus pre-installed factory software and drivers etc.

The full spec is: –

Model: Vaio SVZ1311CE5
Operating System: Microsoft Windows 7 Professional x64
Processor: Intel Core i5-3210M 2.5GHz
RAM: 8GB
Hard Drive: 256gb SSD
Graphics: Intel HD Graphics 4000
Screen Size: 13.1″
Screen Resolution: 1920 x 1080

USB Ports: 2 (USB 3.0)
HDMI Port: Yes
Card Reader: SD, MS
Webcam: Yes
Connectivity: Wi-Fi, 3G mobile broadband and Bluetooth
TPM Security module plus fingerprint reader
Backlit keyboard

I am based in West Sussex and I’m happy to meet up for delivery within a 30 mile radius of Horsham. If you want to arrange for your own courier collection from my home address, then that’s fine too so long as insurance is included.


Price and currency: £350
Delivery: Delivery cost is not included
Payment method: Bank Transfer
Location: Horsham, West Sussex
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference


For Sale – Acer Predator 17 G9-793

Acer Predator 17 G9-793-79RR for sale. This is fully boxed, in immaculate condition and has seen very little use – maybe 30 hours (not sure if there is a way to check?)

Full spec includes:

– Core I7 6700HQ
– Windows 10 Home
– 16GB RAM
– 128GB SSD + 1TB HDD
– 17.3” IPS 1920×1080 (Full HD) screen
– GF GTX 1070
– WiFi/Bluetooth

The main reason for selling is it generally sits around unused, so makes sense to sell it before it’s not worth very much. It’s around 1 year old.

Price and currency: 1095
Delivery: Delivery cost is not included
Payment method: PayPal Gift, Bank Transfer, Cash
Location: Walsall
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference


For Sale – Microsoft Surface Pro 4 i5/256gb

For sale is my Surface Pro 4. It is the i5/8gb/256gb model. Comes with Red keyboard as pictured and original box, but no pen included.

It is in full working order and good condition. Has wear and tear scratches/marks on the back and around the bezel but the screen is near perfect with no scratches or marks at all.

The keyboard is in very good condition with very little signs of use. Mainly because I only use this device for work when on client sites. Which has been around a total of 4 weeks in the last 9 months. This was a new keyboard I purchased around the end of Feb.

I need this gone asap, so open to reasonable offers.

Price and currency: 600
Delivery: Delivery cost is included within my country
Payment method: BT
Location: Slough
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected


For Sale – hp envy 17-r107na laptop

I’m selling this beast of a laptop. Have finally seen the sense and purchased something smaller.

Laptop is in good working order but has taken a bit of a beating on the lid, see photos.

When I purchased this laptop, I extended the warranty to 3 years, 1 year and 2 months is still left on this. It should be transferable to the new owner as the warranty is electronically tracked by the laptop itself (again see very poor photo)

Specs are:

  • Intel Core i7 (6th Gen) 6700HQ / 2.6 GHz Max Turbo Speed 3.5 GHz Quad Core Processor
  • 16GB RAM, 512GB SSD
  • 17.3″ Full HD Display (1920 x 1080) Resolution
  • NVIDIA GeForce GTX 950M 4GB Dedicated Graphics
  • Windows 10 Home 64-bit

Any questions let me know.


Price and currency: £500
Delivery: Delivery cost is included within my country
Payment method: ppgift
Location: Basingstoke
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference
