top of page
  • Admin

Tricky RIPlace Ransomware Evades AV Efforts

Published: March 8, 2020 on our newsletter Security Fraud News & Alerts Newsletter.

Since its discovery last year, the ransomware called RIPlace has been getting away with the goods and not getting caught. To date, the biggest targets for the ransomware are Microsoft Windows 10 and a number of other security software providers. It took a while for RIPlace to get the attention it's getting now, and anyone running Windows XP and newer can catch the malware infection. A recent survey by Spiceworks finds that 33% of businesses are still using Windows XP on at least one computer. When ransomware evades security software, the cost to enterprise could be monumental.

Ransomware has a history of freezing and encrypting entire systems until the victim pays a ransom demand. Healthcare, law enforcement, universities, and city governments continue to be paralyzed by ransomware attacks. When first discovered by security experts, RIPlace ransomware wasn’t a major concern. Its use was limited and hadn’t risen to the level of major attacks. But now, things have changed since Microsoft and other security software were duped by the malware. With just a few lines of code, RIPlace managed to evade ransomware protection features in Windows 10 and more. The ransomware works simply by renaming and replacing files so antivirus software can’t detect it. Currently, security experts haven’t yet figured out know how to stop the elusive attacks.

Nyotron, the company that first discovered RIPlace, found the ransomware can bypass Symantec Endpoint Protection and Microsoft Defender Antivirus. The company offers a free tool for users to test their system and security software against RIPlace.  As of writing, only Kaspersky and Carbon Black have modified their software to address the RIPlace threat. For everyday users, the advice is to be vigilant against email phishing. Phishing continues to be the biggest source for malware infections and clicking on bogus emails can redirect the user to fake websites that steal sensitive data. Opening attachments can install malware as quick as a click. Keep your cyber-smarts sharp and only open and act upon emails you can verify are from trusted sources.

Also remember that Windows XP is no longer supported and Microsoft feels no urgency to create patches for it. So, if you are one who is still using that operating system, seriously consider upgrading to a version that is still supported so you'll always get the latest patches.

Want to schedule a conversation? Please email us at

9 views0 comments


bottom of page