This discussion has been locked.

Is there any official word from Sophos regarding the RIPlace ransomware threat?

Nyotron is reporting a new strain of ransomware that can bypass most malware protection.  

https://www.nyotron.com/blog/nyotron-discovers-potentially-unstoppable-ransomware-evasion-technique-riplace/

I ran their test tool. Intercept-X flagged it as a generic PUA. I made an exception for the PUA and let the test run. The tool was able to successfully encrypt my test files, which, to me, indicates that Intercept-X isn't able to block it. I hope that's not the case.

  • Hello Derek Higgins,

    Just curious - did you also have to make a PUA exception like JamesGolden had? The difference between ransomware and encryption software is basically just that the former doesn't provide the decryption key (usually it does not generate the keys, so it doesn't even know it).

    Christian

  • Thanks for your very fast reply.  Yes, I did need to make the exception to even extract the RIPlace.exe.  Our company is on a mission to try to tighten everything up as much as possible, especially seeing what is happening out there.  So, the test software may not be an actual real test because of the keys?  That makes sense, but I don't know the answer to that.  Thanks again for your quick reply. 

  • Hello Derek Higgins,

    Haven't tested the software and can't say how it works in detail.
    PUA covers a wide spectrum, from (potential) licensing problems, "productivity impact", potential misuse, to very dubious. You're advised to carefully assess PUAs you exempt. Subsequently your exemption is honoured - I assume that the software is nevertheless not totally free in its actions, but it is permitted to "show off".

    Christian