If you see files likes below = NO PANIC !
zzzz346468454.txt
!!!!4873487.doc
XORXOR131395328.pem
zzzzz1128386401.png
ZZZZZ4032929292.pptx
!!!!!28748750874.pst
!!!!!195855848565.bmp
XORXOR394587587.pdf
You are probably experimenting the display of the honeypot files of the Ransomware module of Traps.
Basically these files are there for malware to be available, and in case the malware touches these files, the process gets killed 🙂
These files are located mainly in the usual folder like Desktop, My Pictures, My Videos, My Music, Outlook Files and so on.
If you see these files, it’s because your process hasn’t been whitelisted by Traps. Most common processes are whitelisted like the standard Explorer, Iexplore, Chrome, Office exes and so on.
The whitelist is a very basic list of process names.
If you rename the exe, the files don’t show anymore. It’s better than nothing, but I would have prefered a more secureway, like a whitelist on hashfiles …
Recent Comments