Author Topic: Ransomware Shield and network drives  (Read 2515 times)

Offline terry125

  • Newbie
  • *
  • Posts: 4
Ransomware Shield and network drives
« on: July 06, 2017, 08:55:03 AM »
I currently use the free version of Avast with the paid version of Malwarebytes, which gives me some protection against ransomware - not sure how effective it is. Reading about the Avast Ransomware Shield, it works differently by only allowing certain applications to change files in a defined set of locations, which is an interesting approach.

However, just wondering if anyone has tried this with network drives, as I have a NAS and I understand that the new wave of ransomware now hits network drives as well. If it does, has anyone tested to see if, when two computers are joined to the same drive and one changes the data, Avast notices or not? I hope and presume not.

Thanks

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re: Ransomware Shield and network drives
« Reply #1 on: July 06, 2017, 10:14:07 AM »
Only paid versions of avast have the ability to nominate folders that they want protected from encryption by ransomware. The avast free version is trying to detect any ransomware before it gets on your system, thus preventing encryption, so it doesn't go as far as the paid versions of avast.

I don't know if the ransomware protection in the paid versions of avast would/could be extended to cover NAS systems.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

REDACTED

  • Guest
Re: Ransomware Shield and network drives
« Reply #2 on: July 15, 2017, 11:33:43 PM »
Hello,
Yesterday morning I got hit with the latest ransomware - MOLE00.
It encrypted almost all the files on my personal PC. Avast did not catch it, it did not even see it!
Luckily I was able to stop the ransomware from encrypting all of my files and my backup partition, because I was using the computer at the time and noticed files appearing on my desktop. I immediately disconnected from the network, opened the task manager and tried to stop the ransomware process.

All I was doing at the time of the infection was reading the news on a local online news website.

I have been a PAID subscriber to Avast Internet Security for the last 8 years and I am very disappointed - I did not get the INTERNET SECURITY that I needed when I needed it! It's like buying condoms with holes! Why bother.

I spent the last 8 hours looking for the virus, removing it, cleaning the hard drive and recovering as many files as possible.
I sure hope Avast is planning to improve their product. Maybe this info can help them:

During the manual clean-up and removal of this ransomware I found that the virus was located in \AppData\Local\mbzx.exe
It also had another executable, I think it was in the Roaming file: BCDA9163F2.exe
The name of the process that I stopped was: oren music

What is "nice" about this ransomware is that it changes all the file names, so you have to recover everything and you can't pick and choose.

Does anyone know if there is a descriptor for this ransomware?
The file recovery with Shadow Explorer was limited, so any help with recovery and decryption will be appreciated!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: Ransomware Shield and network drives
« Reply #3 on: July 15, 2017, 11:48:01 PM »
@vr6driver
No security program has 100% detection or zero false positives, and new and changed versions are released every day to avoid detection.

If you want to help avast detect it, send the file(s) to the avast lab  >>  https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

You can also upload and test files here  >>  www.virustotal.com  All members will then receive a copy of the file(s).

« Last Edit: July 15, 2017, 11:58:58 PM by Pondus »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: Ransomware Shield and network drives
« Reply #4 on: July 15, 2017, 11:49:41 PM »
Find out what ransomware you have  >>  https://id-ransomware.malwarehunterteam.com/

Decryptors  >>  https://www.nomoreransom.org/


REDACTED

  • Guest
Re: Ransomware Shield and network drives
« Reply #5 on: July 16, 2017, 08:13:41 AM »
Pondus,

Thanks for the links, I will check them out.

I know that no antivirus is 100% and that viruses change their name and identity. The reason I am disappointed with Avast is that the virus "sat" in my computer for TWO weeks before triggering! (based on the date of the file creation and research online)
The scan that I ran Friday morning right after I noticed the virus activity did not detect it; it was only detected by Avast on the third scan I did yesterday.