Raccine

A Simple Ransomware Vaccine (by Neo23x0)

Raccine Alternatives

Similar projects and alternatives to Raccine

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a better Raccine alternative or higher similarity.

Raccine reviews and mentions

Posts with mentions or reviews of Raccine. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-08-09.
  • Did anyone ever consider monitoring Windows server vss snapshot quotas for ransomware purposes?
    2 projects | /r/sysadmin | 9 Aug 2022
    Shout out to Raccine https://github.com/Neo23x0/Raccine
  • Security Cadence: Ransomware Part 2 - Actions on Objectives
    2 projects | /r/sysadmin | 21 Mar 2022
    There's a clever little utility for that called Raccine: https://github.com/Neo23x0/Raccine.
    2 projects | /r/SecurityCadence | 14 Mar 2022
    However, a more useful control would be to detect the process responsible for deleting shadow copies and to kill it. There's a clever little utility for that called Raccine: https://github.com/Neo23x0/Raccine. Just note that if you have some sort of legitimate process that deletes shadow copies, Raccine will not discriminate in killing it. However, if you don't have anything preventing you from doing something like this, you can potentially kill a ransomware infection right at the start with a simple free utility. Neato.
  • BullWall Ransomcare
    1 project | /r/cybersecurity | 15 Sep 2021
    If you're looking at a ransomware-specific endpoint protection tool, consider Raccine. https://github.com/Neo23x0/Raccine
  • Alert for ransomware that bypassed endpoint protection
    2 projects | /r/blueteamsec | 7 Jul 2021
    Back to your original question, assuming a conventional AD-centric Windows environment, I would recommend starting with AppLocker to whitelist approved apps and host-based firewall to whitelist approved connections, enable detailed powershell logging, monitor for east-west wmic/SMB/RDP connections (monitor at host level and at network level), and use a tool like RITA to detect beaconing activity. Also consider blocking DOH, retaining DNS logs, and if you don't have a well-tuned EDR/XDR and SIEM, deploy sysmon and use WEF/WEC to centralize logs (SwiftOnSecurity and Olaf Hartong on github have very good starting points for sysmon configs and Microsoft's MSLab github repo has a good scenario for testing sysmon/WEF/WEC with alert recommendations from NSA and Palantir). If you have no centralized logging/analysis/alerting in place AND a managed solution like SecureWorks or a guided deployment of Defender are not realistic, consider starting with Security Onion. If your organization is in a critical infrastructure sector, you should definitely look into the risk and vulnerability assessment and no-cost cyber hygiene services offered by CISA (see https://www.cisa.gov/cyber-resource-hub). Also, have you considered testing/deploying Raccine? https://github.com/Neo23x0/Raccine
  • methodologies for detecting ransomware
    2 projects | /r/Malware | 5 Jan 2021
    checking for shadow volume copy deletion and certain other ransomware-specific commands (see, e.g., Raccine but beware that it is NOT a vaccine but a generic detection method, the name is really just wrong)

Stats

Basic Raccine repo stats
6
939
3.5
6 months ago

Neo23x0/Raccine is an open source project licensed under The Unlicense, which is not an OSI-approved license.

The primary programming language of Raccine is C++.

