Sandboxie Isolation Demonstration: CryptoLocker (Crilock) Ransomware
432,239 views
Invincea
Published on Feb 2, 2014

In this video, we will be performing a basic demonstration of the powerful isolation capabilities
of Sandboxie against the well-known CryptoLocker (Crilock) ransomware threat.
This demo is being performed with a default installation of Sandboxie V.4.0.6.

65 Comments
terratec1001
2 years ago
1:26 - Countdown jumps from 71:59:51 to 95:09:29...?
14
Chocolatnave123
4 years ago
Dude... Ransomware is scary. I should probably pay a bit more attention when downloading stuff.
31
Pube83
3 years ago
Is this Sandboxie the ransomware?
1
deadhell304
3 years ago
@Pube83 Sandboxie creates a sandbox to protect your computer from programs that are run
within it. Essentially it creates a virtual container within your computer. Any code run within that
container only affects the files and processes run WITHIN it; thus protecting everything outside
of it i.e. your computer. So if you execute a virus within Sandboxie, it will likely only be able to
affect all other files and processes you have placed into that particular sandbox and won't be
able to escape.

The video demonstrated this by placing a PDF within a Sandboxie sandbox and one just in a
normal folder. The virus was then executed within the sandbox and was able to encrypt all files
within it, but nothing outside of it. Therefore the PDF in the sandbox got encrypted, but the PDF
outside of it wasn't altered. This is because the virus was unable to escape the sandbox.

If you are going to run an unknown program, or open a non-trusted file of any type, you
should run it in a sandbox. Sandboxie is a great free solution, I would highly recommend it!
22
leonardosazo
3 years ago
@deadhell304
Thanks man!
ARCGrayist
3 years ago
Wow. No lie, my heart skipped a beat the moment that ransomware came out. . .
26
gunner6084
2 years ago
+ARCGrayist me too!
terra
3 years ago
Music in this video:
Olafur Arnalds - Near Light
Tycho - Cloud Generator

If only YouTube credited more than one musician...
15
John Smith
4 years ago
I have a question. Upon reviewing the files that cryptolocker encrypted I noticed there was one
file not located within the C:\Sandbox directory.

It was Penguins.jpg and it was a public file located in C:\Users\public\pictures... etc.

Did the cryptolocker get past the sandbox or am I missing something?
I'm not trying to say it didn't work, I'm just new to sandboxing and curious.
14
The Philosopher
4 years ago
Good catch! Would be great to get a confirmation on this @Invincea
1
Andreas 'PAX' Lück
4 years ago
The file was located under "c:/Sandbox/eddie/DefaultBox/user/public". In the video he opened
"current" instead of "public".
1
John Smith
4 years ago
@Andreas 'PAX' Lück are you referring to the .pdf? I was referring to the list of files that
cryptolocker claimed it had encrypted. @ 2:15 you can see there is a file penguins.jpg that is not
in the sandbox directory.
1
Jens Heitzmann
4 years ago
As far as I know about Windows folders and such, the cryptolocker looks into the whole user
directory and since "public" is available to all it is a "valid" outside-sandbox-folder. To secure
even that you need a full virtual machine.
1
m4rx05
4 years ago
@Jens Heitzmann I would think that the encrypted file is still under the sandbox, and were you
to delete the contents of the sandbox, you'd still have the original file outside of the sandbox.
From all of my experience with sandboxie, it's never allowed an outside file to be edited without
me giving it access.
1
Filmer1eX
4 years ago
Even though cryptolocker shows the path as the non-sandboxie one rest assured that the
original copy wasn't encrypted. I've been using sandboxie for years and this is how it's always
been; the path shown in a sandboxed application could be either the raw or sandboxed path and
which one is shown depends purely on the way the application fetches the directory
information. That however has nothing to do with what's actually isolated and what's not
(everything is isolated).
7
TryingTo Correct
2 years ago
This program is excellent. I have used it for like 6 months and no viruses or malware have come to my
real computer. I really like this idea. I recommend everybody to use this. No... I am not part of the
Sandboxie team... :)
5
terratec1001
2 years ago
I've never used it and in 12 years of computer/internet use, never had a virus or malware either.
1
TryingTo Correct
2 years ago
@terratec1001
Yes, if you do not make any mistakes. But clicking one wrong link can install a virus... humans make
mistakes. So this is like a prevention issue. The fact is that any website can install malware on
your computer. So success in the past does not guarantee success in the future.
3
notguilty
2 years ago
cough "Never detected a virus or malware"
6
TryingTo Correct
2 years ago
ye good point. How can one be sure they have no malware?
phatrikk123
2 years ago
Hello Invincea, really interesting demonstration; however, I do have a question: what about
'penguins.jpg' found in c:\users\public\pictures\sample pictures\ which is clearly outside of the
sandbox and yet shows up on the list of encrypted files?
6
7bois
3 weeks ago (edited)
"Even though cryptolocker shows the path as the non-sandboxie one rest assured that the
original copy wasn't encrypted. I've been using sandboxie for years and this is how it's always
been; the path shown in a sandboxed application could be either the raw or sandboxed path and
which one is shown depends purely on the way the application fetches the directory
information. That however has nothing to do with what's actually isolated and what's not
(everything is isolated)."
TryingTo Correct
2 years ago (edited)
Update: Well, it seems to me that with Windows 10 this freezes my computer every now and then (like once a
week) (computer does not react to mouse or keyboard so needs to be booted/shut
down). After I uninstalled it the computer never froze. So I think it's Sandboxie somehow doing it.
But I'm still in the process of finding exactly the reasons for it.
But it's possible this happens only on my computer with my hardware.
3
Edward
2 years ago
It does have a lot of conflicts. You should look at the list on the Sandboxie help page. Sandboxie
does not freeze at all for me and I have Windows 10.
1
TryingTo Correct
2 years ago
Yes true. Now I have more information and the freeze was actually caused by the RAM-disk
software I was using, so not Sandboxie. The only problem I have had is that Flash sometimes gets stuck,
so I don't use Flash much.
ableite
3 years ago
I wonder why he used a banner to hide the recovery popup on 1:20
15
Random Stuff
2 years ago
+ableite Probably was a pop-up from Sandboxie that knew Cryptolocker was malicious, but the
channel owner wanted to show a different way of solving the problem.
1
ableite
2 years ago
@Random Stuff have you ever used sandboxie? That box displays every time you download
something in a sandboxed browser. Technically there would be nothing to hide.
Random Stuff
2 years ago
+ableite oh well. let him do what he wants lol
1
ableite
2 years ago
@Random Stuff lol
ICT Masters
2 years ago
Sandboxie wanted to recover the HOW_TO_DECRYPT_FILES.txt because it was dropped on the
desktop in the sandbox
3
Radosław Opacki
3 years ago
Forever in Sandbox
9
Niv54
3 years ago
best program i have ever downloaded
6
Max Chri
10 months ago
It's easy to detect sandboxie while a program is running within isolation. I've made a simple
video example. ;)
2
Tayus emaar
4 years ago
the music made me cry :'(
16
terra
3 years ago
@sonya mira The music in this video is somewhat of a mix between Near Light by Olafur Arnalds and Tycho
- Cloud Generator

Sadly YouTube credits only one. I must say that Tycho makes very good chill music and it's usually
not sad ;)
1
Johnny
3 years ago
+sonya mira your thoughts made you cry and how you associate them with the music.
For instance, I'm sitting in a sunny room & I listened to it during the day time. No effect
whatsoever.
Was paying attention to the instructions, not wandering off. Did you pay attention to the video?
1
swampwiz
1 year ago
This appears to be a bit like tickling the dragon's tail.
3
Dan Howes
3 years ago
You really should plan what you are going to demonstrate! Looked & sounded like you have not
got a clue. I think you probably confused yourself too much in the process of recording it lol, we get
the gist. Sandboxie is not foolproof, be warned! There are fakers/virus makers out there that have
made their installers sandbox-proof! It won't jump out of the sandbox but it detects being in a
Sandboxie process & then it goes to a critical error in the installer that tells you either it's corrupted or
it can't run without a certain file. So forcing the user to risk it if it is something they really want! They
also managed to make these pass AV scans like Virus Total. Just be careful guys, I'm a Super
Moderator for KAT & have seen some of these. ShadowDefender is the only true defense.
5
Pen4928
4 years ago
cool
4
radanju3
1 year ago
I love Sandboxie so much!!!
1
Ashish Deharia
4 months ago
can we run pirated game in here?
SnakZ
3 months ago
So why did the "penguins.jpg" picture get hit also? All of the other files were in the sandbox
except that one file.
EmpressDiva AKreaLneSS
3 years ago
So lost!! And I wanna download it for a game purpose but I keep gettin dis reg pro virus scan
thingy that keeps poppin up and a few other things that are putting a virus on my computer, how
do I prevent that?
Wael Isa
1 year ago (edited)
I have used it for a long time and still like to see these videos.
100% safe if you know how to use Sandboxie with auto delete to clean your sandbox.
Thom Dickey
3 years ago
This certainly opened my eyes. I am going to be much more careful in the future and do my best
to educate those around me that we share files.
Onur Kaplan
3 years ago
I keep getting an error while installing this goddamn sandbox, help me out you bastards, damn it
aboy014
3 years ago
+Onur Kaplan /hgahahaha
Sekizo AMVs
3 years ago
Sam and Dean
James Tan
2 years ago
Hi, is the software in the sandbox able to read any HDD or files on the C drive or other drives?
Hans Henrik Bergan
2 years ago
+James Tt By default, yes, it can read everything on your hard drive. But, by the use of the
(individual) Sandbox Settings -> Resource Access, you can choose to hide real folders / files / etc,
so for example, everything in C:\users\James\ is not readable by programs inside the sandbox.
Ace
1 year ago
man that's risky,
Darren T
4 years ago
?
Eduardo Oliveira
3 years ago
...