A New Weapon Against Ransomware

Category: Security

Malwarebytes, maker of the venerable MBAM security software, has released a beta version of a new tool that guards against all known variants of ransomware, the company announced on January 25. Malwarebytes Anti-Ransomware uses behavioral analysis to detect and block malware that attempts to encrypt a user’s data and extort a ransom payment.

MBAM Joins the Anti-Ransomware Battle

Ransomware is a rapidly evolving breed of malware that scrambles a user's data and demands payment. Examples include CryptoWall4, CryptoLocker, Tesla, and CTB-Locker. There are variants of each of these, and bad guys are constantly revising, improving, and disguising their wares. Traditional signature-based virus detection cannot keep up with new signature variations. Thus, Malwarebytes Anti-Ransomware (A/R) focuses on what a program does rather than what it looks like.

Victims of ransomware generally don’t know their data has been encrypted until a popup screen informs them. The message tells the victim that a ransom must be paid in exchange for the key that unlocks the data. Sometimes, the blackmailers want payment in untraceable Bitcoins, but they may also demand a wire transfer or prepaid debit card. Ransom amounts are usually $500 or more.

MBAM Anti-Ransomware

Malwarebytes A/R constantly monitors the activities of all running programs, looking for behaviors typical of ransomware attacks. When a given program exhibits enough signs of ransomware behavior, Malwarebytes A/R blocks the program’s actions and quarantines it before it has a chance to encrypt any files.

“During development, Malwarebytes Anti-Ransomware has blocked every single ransomware variant we have thrown at it,” the developers said in an announcement. “We are extremely satisfied with its results and are excited to bring this technology to our user community for further testing.”

Since this is the first beta (public test) version, it should not be installed on a mission-critical computer. There may be bugs in this early release, but if you want to give Malwarebytes A/R a try, you can download the Windows version from this MBAM blog page. It’s free of charge in the beta version.

What Happens After the Beta?

In addition to the MBAM Anti-Malware products, MalwareBytes offers several other free downloads you may find useful. Check out Malwarebytes Anti-Exploit, the Junkware Removal Tool, Anti-Rootkit BETA, StartUpLite, FileASSASSIN and RegASSASSIN on their Downloads page.

When Malwarebytes A/R passes beta testing, it will be not be a standalone product. It will probably end up in the paid version of the company’s security software. This is just an educated guess based on the fact that the free version of MBAM does not include the real-time behavior monitoring protection of paid versions. Currently, the Premium version of Malwarebytes Anti-Malware costs only $24.95 per year, a bargain among top-tier antimalware suites.

Ransomware is commonly distributed via compromised websites and exploit kits. But ransomware is now showing up in malvertizing - random ads infected with malware that may pop up on any site you visit. Some ransomware targets gamers; other breeds go after businesses and government agencies (including several police departments); but ransomware can also hit random home computer users.

Anti-ransomware features in security software are nice to have, but the best protection against this threat is frequent backup of all your critical data. You don’t need to pay ransom or protection money if you have a current backup; just wipe the infected machine clean and restore all but the most recent data.

Your thoughts on this topic are welcome. Post your comment or question below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 29 Jan 2016


For Fun: Buy Bob a Snickers.

Prev Article:
Scams, Hoaxes, Myths and Their Busters

The Top Twenty
Next Article:
ASCII Art - An Enduring Internet Treasure

Most recent comments on "A New Weapon Against Ransomware"

(See all 21 comments for this article.)

Posted by:

Kenneth Heikkila
29 Jan 2016

I still have problems with Iobit (MBAM)they have too many popups/try to install PUPs 9& in my case succeeded).


Posted by:

Joe S.
29 Jan 2016

I keep my machine's data fully backed up onto removable hard drives, so if it were ever ransomed, I'd never pay extortion money---I'd just say adios to an aging machine and start over again.


Posted by:

Bob D
29 Jan 2016

Because unplugging and replugging USB connectors is a nuisance, I keep my "daily" USB-external backup disks plugged in and ready (not ejected), which means that malware can reach them. It would be helpful if a computer's user could hide connected external disks with a Windows command, and then "connect" them with a command, instead of pulling out the plugs and re-plugging.

Why Windows lacks a mount/dismount command for external disks escapes me.


Posted by:

William B
29 Jan 2016

Downloaded and installed. No problems as of now.


Posted by:

Sheri
29 Jan 2016

Can malicious entities encrypt all the data on our hard drives, even when we are logged on to Windows as standard users? If so, that is a very serious problem that Microsoft should address directly!


Posted by:

Sheri
29 Jan 2016

I also want to say Bob, that since you changed your website, when the Post Comment (click once and wait message) started appearing, LastPass will no longer fill in my details! This is really annoying, as I hate having to type my email address in every time.


Posted by:

Marlin
30 Jan 2016

Wellllllllll........the program decided about 5 components of McAffee suite were "ransomeware". I ended up having to uninstall McAffee and resinstalling it. So much for "ransomeware."


Posted by:

Richard Dengrove
30 Jan 2016

A friend was backing his software up at three different websites, and Ransomware infiltrated through one of them. Now all his files are locked up.


Posted by:

Joe
30 Jan 2016

I am using CryptoPrevent for three years. It is an Anti-Virus/Security Software Supplement, originally designed to prevent infection from the CryptoLocker threat which emerged in late 2013. Since that time, CryptoPrevent has grown into a robust solution, providing protection against a wide range of ransomware and other malware. The free version works well, requiring manual updates. The premium version provides automatic updates. The website link is https://www.foolishit.com/cryptoprevent-malware-prevention/


Posted by:

William B
30 Jan 2016

Let me update my prior statement. I opened my Google Chrome a while ago and Malwarebytes Anti-Ransomware ate my Google Chrome. It wiped it out. I had to uninstall Malwarebytes A/R and download and install Chrome off of my Edge browser. Think I will leave it alone until all the bugs are out.


Posted by:

Therrito
30 Jan 2016

This is great! I plan to get it as soon as the completed version is available.

Another great article, Bob. Thank you.


Posted by:

Carrie
30 Jan 2016

Our home computer was struck by a Ransomware attack.Had to take it to our computer guy to wipe it and reload. He suggested getting an external hard drive in case it happens again we can just switch it.
I have the free MW Bytes but 24.95 a year is a bargain so we will be buying it.

Our computer guy said that companies that are hit with this ransomeware (which operate exactly as you describe, Bob) will often pay to get their data back. I find the idea of paying the attackers abhorrent and told my partner I would rather pay our computer guy to fix it or toss the computer rather than to pay off the bast*&^ that hijacked our computer.


Posted by:

Bev
30 Jan 2016

MBAM is $25/lifetime, or so it used to be. I have 5 lifetime licenses. Did that change?


Posted by:

Bev
30 Jan 2016

Never mind my comment - it did change to $25/year. .....


Posted by:

MmeMoxie
30 Jan 2016

I have 3 different Back Ups, one on a DVD disc, one on a Cloud and one on my External Drive. I feel pretty comfortable with that.

I did download the Beta version of MBSM Anti-Ransomware. It says that I am Fully Protected and there is nothing in the Quarantine section. I also have Bitdefender's Anti-Ransomware. Both are free. I don't know if, one cancels out the other or not. They don't seem to be conflicting one another.


Posted by:

Jerry
30 Jan 2016

I've tried this new beta ransomware program. While doing my weekly scans it deemed Wise Disk Cleaner as ransomware and froze out the software. Had to re-download it. Also, it said PrivaZer was also ransomeware. I have since deleted Malwarebytes Ransomeware from my PC. I will wait for ALPA version.


Posted by:

Al. S
30 Jan 2016

I installed it and it immediately identified my Zinio Reader as Ransomware and blocked me from reading Magazines I paid for. It also nagged me every few minutes to restart my Computer. Still have to check if anything else was removed. No more Ransomware from Malewarebytes for me. I also removed Malewarebites as it takes forever to scan. Superantispyware is fine


Posted by:

Bill F
30 Jan 2016

I installed this today, and 30 minutes later it quarantined part of McAfee AV.

I visited the Quarantine Tab on MalwareBytes Anti-Ransom, but was unable to restore the quarantined files. Instead, when I tried, I got the message "cannot restore files that have been marked for deletion upon reboot".

That was enough for me. I uninstalled MBAM anti-Ransom and then found that my real time virus scanning had been permanently turned off. I had to download yet another program McAfee Virtual Technician, in order to fix that.

I realize I'm not the most computer literate guy in the world, and maybe Bob Rankin would have no problems with any of this .... but for me, it's more headaches than I want or need.

I already make frequent backups, so perhaps I'm better off just avoiding this beta.


Posted by:

Bob Greene
02 Feb 2016

Malwarebytes is a solid performer, and I have used it for years. And now, with a behavior-driven, anti-ransomeware feature, it will be a heavyweight contender in the battle against malware.
Yes, the best defense against a ransom note on the screen is a safe system backup (or two or more others) already safely stored away. The only problem is few people actually make a regular system backup, which leaves far too many users wide open to the most devastating attack possible.
And is precisely why there is an ample market for this promising new product from Malwarebytes.


Posted by:

Rene LeBlanc
13 Feb 2016

Here, you seem to be promoting Malwarebytes, but in your same newsletter, you highlight (Huge Security Hole in Malwarebytes) a serious security problem with Malwarebytes. Which view do you want to take?


There's more reader feedback... See all 21 comments for this article.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- A New Weapon Against Ransomware (Posted: 29 Jan 2016)
Source: http://askbobrankin.com/a_new_weapon_against_ransomware.html
Copyright © 2005 - Bob Rankin - All Rights Reserved