Planning a proactive defense against ransomware is easier than attempting to recover after it strikes. Learn about security utilities for detecting and preventing a ransomware attack.
As ransomware continues to gain popularity with cybercriminals, new and more advanced types of ransomware attacks are proliferating. In much the same way that antivirus and antimalware programs are used by businesses and individuals alike to protect their devices, ransomware detection tools are increasingly vital for safeguarding your devices.
SEE: Incident response policy (Tech Pro Research)
While established antivirus vendors offer protection against ransomware attacks as part of their antivirus suite and as standalone free products, new security firms focusing specifically on combating ransomware also provide robust solutions.
Trend Micro RansomBuster
Security research firm Trend Micro offers the RansomBuster detection program free for personal and business use. Effectively, this solution prevents programs from modifying files in specified folders. It has a whitelist that allows known, common programs such as Microsoft Office to operate without prompting the user. It can also identify and stop known ransomware from executing at all.
RansomBuster is included as part of Trend Micro Antivirus+ Security, which costs $29.99 per year.
Bitdefender Anti-Ransomware Tool
Bitdefender's utility for stopping ransomware relies on a particular quirk of the way many ransomware attacks are designed. If a computer appears to already be infected, ransomware such as TeslaCrypt and some versions of Petya will disengage to prevent already encrypted files from being encrypted a second time. Bitdefender's tool runs in the background to maintain certain files that make a computer look like it's already infected. Naturally, this only works against ransomware that has these types of checks.
This utility is included as part of Bitdefender Antivirus Plus 2018, which costs $39.99 per year.
Relative to the offerings by Trend Micro and Bitdefender, which are effectively add-on components from existing antivirus vendors, RansomStopper is a standalone product from the security startup Cybersight. Rather than simply write-protect folders from unknown programs, the solution attempts to analyze running processes for behavior consistent with that of ransomware. Notably, it can be used in conjunction with a pre-existing antivirus program without conflicts.
The business version features email alerts and report generation, a web-based administration system, as well as support for Windows Server. Support for MBR protection on disks is limited to the business version. The home version is available freely, while licenses for the business version are $30 per computer, with discounts available for large-scale or enterprise deployments. The Windows version is available now, while support for Linux and Mac OS are planned for Q2 2018.
SEE: 17 tips for protecting Windows computers and Macs from ransomware (free PDF) (TechRepublic)
Cybereason's anti-ransomware uses a variety of methods to prevent ransomware attacks, including checking programs against known hashes of ransomware programs, and analyzing the behavior of currently running programs. As the name implies, RansomFree is available free of charge for home and business use. The core technologies behind RansomFree are included in Cybereason's enterprise security services.
In the Fall Creators Update of Windows 10 (version 1709), a new feature called Controlled Folder Access was added to Windows Defender. This new security feature prevents unauthorized apps from accessing core Windows system files and folders, which contain personal information. Protection for specific folders can be configured manually as well. The feature requires Windows Defender real-time detection to be enabled. At present, it is not compatible with third-party antivirus software.
What to do if your machine is infected with ransomware
On principle, paying the authors of ransomware shows that ransomware works, which further encourages this type of criminal activity. The old adage "There is no honor among thieves" applies here—likewise, there is no guarantee that you will get your data back, even if you do pay.
Depending on the type of ransomware in question, it may be possible to decrypt and recover your files without paying anything. The No More Ransom project—a collaboration between Europol, the Dutch National Police, Kaspersky Lab, and McAfee—provides decryption tools for dozens of widespread ransomware types, including Jaff and TeslaCrypt.
- North Korea hackers behind massive WannaCry attack, White House says (TechRepublic)
- WannaCry: The smart person's guide (TechRepublic)
- Cisco's iOS security app aims to help smartphone users combat malware and ransomware (TechRepublic)
- How to avoid ransomware attacks: 10 tips (TechRepublic)
- The ransomware debate: Should you pay to get your data back? (TechRepublic)
- The future of cyberwar: Weaponised ransomware, IoT attacks and a new arms race (TechRepublic)
- Ransomware's bitcoin problem: How price surge means a headache for crooks (ZDNet)