Detect Outlook Ransomware emails with RansomSaver
RansomSaver is an add-in for Microsoft's Outlook messaging software that detects and protects against ransomware emails.
Email is one of the main attack vectors of ransomware attacks. While there are other means of distribution, email is still a lucrative option considering that attackers may send emails to millions of users in a short period of time.
It does not help either that a lot of computer users are still undiscerning when it comes to email security. If all users would be very careful in regards to links and file attachments, the overall situation would be much brighter in regards to computer security, hacked accounts and botnets.
RansomSaver
RansomSaver is an add-in for Microsoft Outlook. The add-on is compatible with all 32-bit and 64-bit versions of Microsoft Outlook starting with Outlook 2007 and including Outlook 2016 and Outlook for Office 365. It runs on all systems newer than Windows XP.
The application is installed as an Outlook add-in which means that it is integrated into Outlook automatically when you install it. It works out of the box, and comes with a handful of options on top of that.
The program's main function is a scan for ransomware. It checks emails that you select for ransomware attachments, and may delete the entire message or only the attachment.
The add-in moves the emails to a special folder called RansomSaver that it creates as a child folder of deleted items in Outlook.
It is unclear from the description on the developer website how the add-in determines whether an attachment is potentially malicious or not. The FAQ lists extensions that RansomSaver considers suspicious.
The options that the program supports are simple: you may enable or disable the removing of attachments and/or emails, disable the scan functionality until the next Outlook start, and disable the scanning of the deleted items folder of Outlook.
Options are accessible from the add-in's toolbar. There you find options to scan existing folders for ransomware attachments and a link to the incident log as well.
Here is a short video that highlights the add-in's functionality:
Closing Words
RansomSaver serves two main purposes: to detect potential threats when users open emails, and to scan all existing emails for threats. Experienced users won't have much use for it, at least not when it comes to their own systems, but it may protect inexperienced users from executing file attachments on their devices.
You said that Outlook isn’t your main email client, so which is your main one?
I think its thunderbird
It is Mozilla Thunderbird.
Awesome! This actually solved my problem… what a stupid bug.
If this is the same bug that I’ve encountered, there may be another fix: (1) hover over open Outlook item in Taskbar, cursor up to hover over Outlook window item, and right-click; (2) this should give you Restore / Move / Size / Minimize / Maximize — choose Move or Size; (3) use your cursor keys, going arbitrarily N/S/E/W, to try to move or size the Outlook window back into view. Basically, the app behaves as though it were open in a 0x0 window, or at a location that’s offscreen, and this will frequently work to resize and/or move the window. Don’t forget to close while resized/moved, so that Outlook remembers the size/position for next time.
THANK YOU Claude!!! I could get the main window to launch but could not get any other message window to show on the desktop. You are my hero!!!!
Solved my issue! 6 years later and this is still problem…
Fantastic. Thank you. Size did the trick.
This solved my Outlook problem, too. Thank you. :)
Thank you so much, this started happening to me today and was causing big problems. You are a life saver, I hope I can help you in some way some day.
You are a god – thank you!
thanks a lot…. work like charm.. :-)
Yah…thanks Claude. I’ve been having the same problem and tried all the suggestions…your solution was the answer. It had resized itself to a 0/0 box. Cheers
Excellent post. This had me baffled even trying to accurately describe the problem. This fixed it for me.
Thank you
Thanks a lot for the article. Don’t know why it happenend, don’t know how it got fixed, but it was really annoying and now it works :-)
Thanks a lot. I was facing this issue from past 3 week. I tried everything but no resolution. The issue was happening intermittently and mainly when I was changing the display of screen ( as i use 2 monitors). The only option i had was to do system restore. But thanks to you.
I’ve been tried to sole this problem for 12hours. Your comment about changing the display of screen helped me a lot!! Thanks!!
Thank you…don’t know why this happened but your instructions helped me fix it. Running Windows 10 and office pro 2007
Great tip! Thanks!
Worked for me, too – thank you!!!
It’s Worked for me, too
thank you very much!
I had a similar issue with Outlook 2013 on Windows 10 and this helped me to fix it. Thank you very much!
Thank you so much. Solved!
Considering you published this in 2012, incredible not been debugged by Microsoft.
Thank you again. M
This problem was faced by only one user logging to TS 2008 r2 using outlook 2010.The issue was resolved.
Thanks.
Great tip. Thank you!!!! If it helps, I had to use the Control Key and the arrow keys at the same time to bring my window back into view. Worked like a charm.
Thank you, this worked !!!!
Man, you are a fucking god. Thanks a lot, what an annoying bug!!
Awesome, this post solved the issue. Many thanks!