Free Protection Against Ransomware

Besides good backups, people should remember to not open unknown files from unknown people.

I use Cybereason (cybereason.com) RansomFree - free ransomware protection. Info can be found on their website. Go to Products and Services and pull down RansomFree, and you can download it from there. The company is staffed by ex-military cybersecurity experts who really know what they are doing. I do have Trend Micro also, but RansomFree is my first line of defense.

Kaspersky Anti-Ransomware Tool . . . for BUSINESS is the one you mention (but didn't add the "for Business") and according to the application, requires a minimum of 10-24 employees. Think it will be okey to install this free edition as a single private computer user?

@RichF - Just because an email comes from a known person DOES NOT mean it's safe! I had a client today who tried to open 4 separate links in an email, all of which were identified as malicious by his antivirus, but he went ahead anyway because the email was from someone he knew. Big mistake. He wasn't able to open any of the links, as far as he could tell, but suddenly all of his contacts started receiving the same message from him, with the same 4 links. Not yet sure of the full fallout.

It's surprising how many people will click a link after their software tells them it's dangerous, or will download files from unknown sources, and then wonder how they got a virus.

Always check the status bar when you hover over a link in an email. If it doesn't match what's on the page, do NOT click it!
-

The best advice was to maintain up to date backups of one's data. It is far more effective to be proactive than to be reactive.

Backups will also protect one's data from other evils, such as other kinds of malware, drive failure, theft, natural disasters, etc.

I changed my Windows operating mode from Admin to Standard, and cannot install or upgrade anything without my keying in the Admin p/w.

Does Standard mode prevent ransomware since it's now impossible to install anything. How can ransomware install now?

All very well - just do backups & problem solved apart from user behavioural issues.
That's the essence of the problem:
1) Most PC' have huge amounts of data, some critical, some trivial & a vast amount that can be sacrificed if necessary but which is often Tb in size.
2) This data is commonly stored on 2 or 3 internal HDs & only rarely is organised for quick selective backup.
3) Backup is tedious & not easy to automate.
4) It's not easy to test the backup or even retrieve what has been backed up. Who has not had experience of "that ***** backup does not work"!
Finally I doubt the infection vectors generally mentioned are the only sources. How frequent these days that unwanted videos & audio messages are forced in users whilst browsing despite adblocks of various designs. If this can so easily happen, surely so can a ransom program be similarly presented?

I just bought a new Mac mini and accidentally changed my admin status to standard. After that happened I couldn't do anything with the computer. I called Apple and they said to bring it back and exchange it for a new computer which I did and Best Buy gave me a new Mac mini.

"and accidentally changed my admin status to standard....couldn't do anything with the computer."

The problem with just changing to Standard mode is you lost the ability to access Control Panel > User Counts > etc and change it back.

That is why you create a new user admin mode FIRST. That allows the ability to change all user account modes.

[but now sure how is was "accidentally" changed. It requires several specific steps.]

@Peter O 1. So what if one has huge amounts of data? That's not a reason to not backup all that data (it's not even a poor excuse).

2. Data backups can easily be in the form of duplicates of the original drives.

3. When using the right back up programs, backups are easy to do. Just start them and let them run until done. Easy peasy. You can still use the computer while the backup is updating.

Automating backups is a very bad idea since it requires keeping the backup drives connected to the computer at all times, subjecting them to the same malware and user error (mostly accidental deletions) that can corrupt or destroy the original data. Backup drives should be connected to a computer only when updating a backup.

4. Both Macrium Reflect and FreeFileSync have provisions for verifying backups (although the latter requires a hack to do so, it works very well). Retrieving lost data with both programs is easy.

Your backups will not get infected as long as the backup drives are not kept connected to the computer and you run security scans before updating the backups.

@Bob Rice: Running as a Windows standard account rather than 'admin' is *not* protection against viruses or specifically, ransomware. This is malware that runs in standard user space, does not install itself as a Windows program, and can encrypt any file that you, as a standard user, can edit.

Or, in other words, a standard user can still get infected and lose files to ransomware, but the system itself should not be effected. Indeed, ransomware does not try to hide; it wants you to pay the ransom.

What is a safe backup? Pretty much all of my stuff is also in the cloud...Dropbox and pics in Google Photos. Would the encryption also update (encrypt) them? I also have backups on an external HDD...since it is always on and attached, would its data be encrypted?

@Mike You should never have your backup drive always on and attached to avoid having it also get encrypted as well as lose data to other malware, etc. Backup drives should never be connected to the computer except when updating the backup. If the backup drive has it's own power supply, that should also be kept turned off except when updating a backup.

It's a strong possibility that your cloud data could also get encrypted since Dropbox and Google do not have the best security. Those sites are for storage, not backups. Good, paid cloud backup sites, such as Carbonite.com, Crashplan, and Backblaze are far more secure.

I'd like to take a belt and braces approach if it poses no problems.
Is it possible to run both BitDefender's offering and RansomFree at the same time?
They appear to take different approaches in identifying the offending malware, think it could be helpful to have them both running at the same time.

CryptoPrevent is very good. Free and paid versions:

https://www.foolish*t.com/cryptoprevent-malware-prevention/

I received an email from MBAM (MalwareBytes Antimalware) this morning saying the fulltime protection of their paid version of MBAM already includes the latest ransomware to come out. Still, having multiple, full backups of one's data is the best single defense.

I downloaded Bitdefender's anti-ransomeware tool yesterday. This morning, my MBAM Premium (which has anti-ransomware protection), had its internet protection turned to "Off." The 2 software packages didn't like each other. I have paid for MBAM and got Bitdefender for free. Should I negate MBAM (paid) for Bitdefender (free)? Your thoughts on this would be appreciated. What do we do if we try one of the other tools and have the same thing to happen? (After all, you've been recommending MBAM for a very long time....)

I find it ironic that a technology used to make data more secure, encryption, in now being used against us.

All software in this article are for Windows 7 & above. Barkly is trialware for 15 days.

EDITOR'S NOTE: Vista has 0.5% market share, XP has about 6%. So I don't cater much to those platforms.