Strange folders and files appeared on my disk

Resolving problems,

I’ve noticed an increased number of people asking about strange files and folders appearing on their computer drives. Like this…

cybereason_ransomfree_honeypotfiles

Cybereason_RansomFree_HoneypotFolders.png

These folders and files are named randomly to avoid being targeted or ignored by ransomware writers.

I’ve instantly recognized the pattern with users asking about these “strange” files…

It’s Cybereason’s RansomFree Anti-Ransomware tool, the one I’ve actually wrote about here and I’ve even tested it myself and it’s very effective. You can read more about it here.

Cybereason RansomFree also notifies users about this, but either people click over it quickly or forget about it…

Cybereason_RansomFreeNote.png

These folders and files are called “honeypot” files and they are placed there to trick ransomware into fiddling with them and when ransomware does that, RansomFree pounces on it. Ransomware is captured and you don’t actually lose any of your real documents.

Be aware that if you have such strange files and you haven’t installed Cybereason’s RansomFree or any other security product that uses similar protection mechanism, I suggest thorough scanning of the computer with security software (antivirus).

10 thoughts on “Strange folders and files appeared on my disk

  1. Awesome! I searched for folder names and stuff, after deleting them in several locations and they kept reapearing.. I nearly freaked out, scan this shit with different AVs but no results. Was about to let it check by a well known Anti Trojan board, or format all my boards.

    Today I received an update and thought.. could it.. maybe.. ok let’s google this “cybereason ransomware folder”, plop here I am. 😀

    This helped me alot! Thank you!

    Liked by 1 person

    Reply

  2. dam I also freaked out when I saw this, used ProcMon to detect which program did this… I managed to guess its from cybereason ransomware protection… googled it and found your site haha

    Like

    Reply

    1. It may happen in certain occasions that files and folders will remain there even after uninstallation. I think it happens when you do a Windows Reset because it removes the programs, but treats honey pot files as user data and leaves them there. And sometimes during big Windows updates which break uninstall chain and even though you uninstall the program, they remain there. It’s no biggie though. They are located in root folder of each partition, in ProgramData, Users folder and in all important data folders (Pictures, Music etc). They are always placed as first and last folder so it’s easier to find them and delete them manually if required. May be annoying, but that’s the nature how program works and it may go bad in rare cases. But files are harmless if left there and you can delete them manually no problems in such cases.

      Like

      Reply
  8. Pingback: Strange folders and files appeared on my disk - Core-Infosec

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s