RansomFree - New anti-ransomware free program

Looks like a worthwhile proggy...;)

Thanks, Doc.... trying it out now.  I avoid things normally associated with ransomware delivery and etc, but still, it is much better to be safe than sorry.

Welcome, Mark. Hope it prevents something truly bad.

I've been using it since your post Doc,  It has already updated once, so that suggest to me that they are quite possibly staying ahead of the curve when it comes to bad actors trying to side-step it's protection.

-- Ace --

Ditto ...;)

Thanks, Doc, for your post.  I'm trying it out too.  One of my wife's friends recently got hit by one of those, she had to ask her son to reformat and reinstall everything.

Trying it now - thanks for the info

Same here, and not just for me.

Sadly, it's not software that's capable of sending a bolt of lightning right back to the creators of these vile things.

Hello! I'm new here and it may be wrong thread, but still I want to ask you if there is any way to recover files after this merry_i_love_you_bruce ransomware attack? I've already tried to use ShadowExplorer but no luck for me.

So I'd be very thankful for any help!

ShadowExplorer is only useful to explore 'shadow copies' of files.  Of course that only worked to recover data until the ransomware dudes got smart enough to encrypt and/or delete those copies as well.  Sorry to say if you've been hit by one of the newer iterations, you're likely out of luck.

My advice is join the forums at BleepingComputer.com - they have very knowledgeable people there who can help with ransomware.  They may know of a free decrypter that can be used to recover your data.  Determine that first before removing the infection.  If there is a free decrypter then clean the machine with MalwareBytes AntiMalware and recover your data.

https://www.bleepingcomputer.com/forums/

An update to this program now places two hidden folders on every internal partition.  The folders contain files with misleading extensions, such as a jpg which isn't a jpg, txt which isn't a txt file, etc..  They also have strange names such as friendship-insect-invite-repeat.docx.  IIf you delete the folders they will reappear.  I just spent three hours chasing down what I thought was a virus!  A readme file explaining the contents odf each folder would have saved me a lot of time.

You should also have a few icons on the desktop with titles such as 'do not delete me....' explaining what they are...and I believe the website explains it....and there's a RTFM somewhere too...;)

Those folders and items inside are monitored by the proggy looking for signs of ransom attack....being at the beginning of a folder tree means they get hit first...and thus no genuine file of yours gets hit before the proggy has a chance to react...;)

It appears to change the 'bait' folder and file names intermittently and randomly, also, so it could easily raise an eyebrow if one hadn't checked the documentation.  So far, it seems quite unobtrusive otherwise.

Found that out when I tried to delete them, thinking the same thing. Then I realized why they were there. 

I don't have the desktop icons.  And I eventually figured out they were bait files because they are the types of files that ransomware would attack.  Since I didn't know the folders were created by this software I had no reason to check their website for an explanation.  It was only when I started shutting down starup aps that I found the problem.

The trick is that whenever you add a new proggy...no matter from whose suggestion it comes [even Doc's] the trick is to investigate first....check it out online before checking it out as a download/install.

Knowledge is power....;)

[just ask MS....Google....et al]

Folders were not hidden for me.

They are visible on my boot drive but hidden on drives D and E.  Ther are not on my external drive.

I see them on all drives.

Thought they we supposed to be hidden.

None are hidden here.  From their website Q&A:

Can't find anything on their site indicating whether the folders/files should or should not be hidden.

I'm thinking not. I opened file explorer and then on folder options, unchecked show hidden files and folders, applied it and closed. The files are still there. I then reset it. Si I guess they stay visible but they have the look of hidden files and folders. 

Same here.  Thing is, I think if you leave 'Show Hidden Files' unchecked they wouldn't be visible.  I have those files visible so that I can see 'Program Data' and other files at a glance when needed.  However, I may just uncheck it so I'm not hunting through irrelevant folders on my storage and other drives... like some drives have collected quite a few since I installed RansomFree.

And like several others, I wondered what they were and why they were there.  I didn't take long to figure it out, though.  In reading some program documentation I soon found out why I suddenly had mysterious folders all over the place.. they were/are the bait files placed there by RansomFree.

Ya think the bait is juicy enough?

Just asking.