Windows Defender vs Ransomware

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello and welcome to the pc security channel last year i did a video titled windows defender vs ransomware where i tested the default security of windows with windows defender again some of the most infamous ransomware from the last five years including threats like wannacry the results were well quite interesting since then of course windows has had a lot of updates so we're now on 20 h2 in terms of version and i just wanted to rerun the experiment this should give you an idea of how well protected you are if you're using windows defender as your primary line of defense this video is brought to you by malwarebytes privacy if you want a super fast vpn check them out using the link in the description without further ado let's take a look at our ransomware so as you can see we've got 60 items here infamous threats from the last five years have added some in there so there are new threats like wasted locker you know the ransomware that cost garmin millions and we're going to automate a network-based attack factor on the task system to see how windows defender fares in order to do that we have our automation tool called malex which some of you may be familiar with we do these kinds of tests with all sorts of endpoint security solutions if you want to check those out you can always subscribe malex is essentially going to go through each of these files run them on the system show us any system modifications that are happening all of this is going to happen from a network location which is how a lot of ransomware does everything is good to go so let's get testing [Music] as you can see threats are being blocked right away we're passing through these samples rather quickly and this is to be expected because as i mentioned these are threats from the last five years so they're very well known at this point so i would expect a good endpoint security solution to block all of these [Music] ooh it looks like we have a miss here so that's very interesting we'll see if that actually follows through if the ransomware executes successfully or if there's any behavioral protection that blocks it later on [Music] but there you have it the test is complete we've executed all 60 of our files with a proactive detection of 98.33 percent and we only missed one sample which is scarab now this is a pretty deadly ransomware as the name would suggest anyone remember the mummy movies yeah that's what we're going through right now so let's take a look at the processes on the system so i'm just going to open up the tools and we'll see if we can notice what's going on with scarab might be crawling through our system right now trying to encrypt files as you can see from uh you know malex we can see that scarab did create a new file handle sysmain.sdb so that's probably what it uses to begin the encryption process now looking at process explorer i'm just going to try to condense this and it does seem like scarab is active and running and it appears it started a sub process all right so after a considerable amount of time it seems like the ransomware completed its encryption process and now we get the ransom notes saying that your files are encrypted now we're going to take a look at the data we have and there's some good news here so in terms of the documents and pictures these are protected folders under controlled folder access and they were spared so the files were not actually encrypted and if we open them you can see that the contents are actually safe it's not strictly a threat blocking feature it just blocks anything from accessing these folders and just to demonstrate that i'm going to show you the block history and as you can see it has also blocked microsoft process so this is more like a lockdown feature for certain folders but i do recommend that you use it if you are depending on windows defender but on the other hand anything that was not a protected folder like the desktop for example was actually encrypted so if we go into our tools all of this is encrypted so unless you specifically put files in the few folders that are locked down your computer would still be encrypted by this so now we're gonna move on to the more interesting part of the test which is going to be disabling the connection to the internet and doing a test of the offline protection that windows defender has the reason this is relevant is because as i mentioned we are testing well-known threats at this point so it's very possible that if it's doing a simple cloud lookup query it should come up with on this file bad and i really want to see what happens when it can't reach the cloud so as you can see we have disconnected from the internet and now we're going to restore to the previous snapshot and we'll rerun the same test under different circumstances so we're going back rolling back the encryption we should have all our files we can pretty much directly start up malex again same situation except no internet this time everything's good to go so let's get testing once again so far so good as you can see it's still blocking threats but it seems like it's missing a few more than before and things are getting worse so now we're hovering at around 87 percent in terms of proactive detection we've got black claw running and uh taking off and now we have a black screen and apparently we need to pay 5.9 million dollars in ransom to get our system back that's not nice we've got this little jester making fun of us and i tried to all tab out at this and it just gets worse now we have the fake windows update phantom ransomware running now if we try to return to our test it does seem stuck at around 46 files okay it's going now [Music] and we have shell locker on the system now it says we have two days to pay the monies or our files will be gone i'm all tabbing a lot to no avail so try to close this out see if we can return to the test the test does create um a result log so maybe we can access that attention attention your documents photos databases and other important files have been not really because it seems our shared folder is now getting encrypted quite heavily attention attention attention your documents photos databases and other important files have been encrypted okay so here we go here are the results test is done 60 volts were successfully executed and we have a final proactive detection of 83.3 percent with 10 samples missed so the samples missed were black claw crypto wall james ransom kill disk uh popcorn scarab shade shell locker and the snake game ransomware so all of these successfully executed on the system now let's go back and see what the situation is so some of our shared folder is also encrypted this time let's see what happens if we try to reboot the system and the moment we reboot we have another ransomware that has changed the desktop background it's called kryptonite at least this one only asks for five hundred dollars but ooh there's a lot of nasty stuff on the desktop so this is what happens to windows defender when the internet goes away kind of shows you how cloud-dependent it is so the system's a complete disaster we've even got icons uh they're not showing up if we take a look at our documents [Music] that's really cool so it seems like the data here was still not affected because of the protected folders feature and this is kind of why i really strongly recommend using that feature if you are sticking with windows defender again this is not an ideal result regardless as i mentioned these are well-known ransomware variants and by well-known i don't just mean couple of days old a week old i mean there are articles about most of them online research papers that sort of thing so i would expect them to just be blocked regardless either by some kind of behavior blocker intrusion prevention system or just old school signatures but as you can see windows defender is not really that good when it comes to handling these threats so if you are sticking with it i would recommend turning on controlled folder access even if it is a pain and making sure your important documents are in there and we do these tests all the time with different products so if you're interested in that stuff you should definitely check out the pc security channel or subscribe to watch our upcoming tests i hope you found this video helpful please like and share it if you enjoyed it because a lot of people don't have the awareness of their exposure to things like ransomware and what they need to do to stay protected if you'd like to do some cybersecurity tests for your business you can get in touch at the pcsecuritychannel.com and now a word from our sponsors many of you may be familiar with the name malwarebytes when it comes to anti-malware but they have recently launched a brand new vpn service called malwarebytes privacy i've been running and testing this for the last two weeks and one of the most amazing things i've noticed is the speeds and consistency especially in servers in the united states and europe in some cases have noticed it to be faster than some of the mainstream vpn providers and this is a vpn service that focuses on being a vpn they don't offer any cyber security protection with it which means no tracking at all they don't store any logs the cyber security component is offered as an entirely separate browser extension you can connect to servers in any country and once you do so it's going to remember your choice and auto connect you next time so it's a full featured vpn they do have a combined offer where you can get it at a discount so if you are already planning on getting malwarebytes anti-malware or already use it it might be a really good deal for you so show them some love for sponsoring the pc security channel check out malwarebytes privacy link will be on screen and in the description this is leo thank you so much for watching and as always stay informed stay secure you
Info
Channel: The PC Security Channel
Views: 1,306,191
Rating: undefined out of 5
Keywords: The PC Security Channel, TPSC, cybersecurity, cyber security, computer security, internet security, antivirus, anti malware, ransomware, trojan, virus, PUP, best antivirus, best internet security, hacking, hack, security, technology, cyber insurance, cybersecurity degree, EDR, best EDR, windows defender, Windows defender vs ransomware, is windows defender good enough, windows defender review, windows defender test, is windows defender good enough 2021, windows defender vs ransomware 2021
Id: ZbYx8V2RTjc
Channel Id: undefined
Length: 11min 58sec (718 seconds)
Published: Tue Feb 09 2021
Related Videos
Kaspersky vs Windows Defender
The PC Security Channel
607K
Windows Defender vs Top 100 Malware Sites
The PC Security Channel
632K
The Malware that hacked Linus Tech Tips
The PC Security Channel
1.5M
Malwarebytes vs 2000 Malware
The PC Security Channel
163K
The Anti-Virus Tier List
Chris Titus Tech
906K
Where People Go When They Want to Hack You
CyberNews
1.2M
Are You Tired Of Windows Spying On You?
CyberCPU Tech
90K
How to know if your PC is hacked? Suspicious Network Activity 101
The PC Security Channel
1.2M
Is Windows Defender Good Enough in 2024? | Overview, tests, and alternatives!
CyberNews
9.7K
Kaspersky vs 2000 Malware
The PC Security Channel
210K
I made an entire OS that only runs Tetris
jdh
1.6M
WANNACRY: The World's Largest Ransomware Attack (Documentary)
The TWS Channel
558K
How you get Hacked: what attackers use today
The PC Security Channel
103K
I Don't Trust Antivirus Software...
SomeOrdinaryGamers
1.1M
Should You Install Software Using .EXE or .MSI ?
ThioJoe
530K
Is your PC hacked? RAM Forensics with Volatility
The PC Security Channel
900K
3 Levels of WiFi Hacking
NetworkChuck
1.7M
Bitdefender vs Kaspersky: Ransomware Test
The PC Security Channel
556K
Don't buy an anti-virus - do THIS instead!
Liron Segev
1.9M
You NEED this Free Software!!! (NOT SPONSORED!)
JayzTwoCents
1.6M
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.