[LOCKED!] The Latest in Anti-Ransomware
Ransomware is the Internet bogeyman of the moment. This breed of malware, which encrypts the data stored on infected machines and then demands a payment for the key that unlocks the data, is the fastest-growing threat online today. The tech press has ensured that awareness of ransomware is at an all-time high. Are you protected? Read on…
Protecting Against Ransomware
It comes as no surprise that security firms are rolling out anti-ransomware utilities as fast as they can. I wrote about the Malwarebytes Anti-Ransomware utility in January. It was brand-new then, and is still in beta (testing) mode. Other anti-ransomware utilities, all of them free, have joined the fray.
Bitdefender just released a Crypto-Ransomware “vaccine” that prevents installation and execution of certain types of ransomware. The vaccine is an extension of Bitdefender’s CryptoWall vaccine, a one-trick pony that blocked only the CryptoWall ransomware program. The extended vaccine blocks variants of the CTB-Locker, Locky and TeslaCrypt crypto ransomware families. That’s a large group of ransomware, but it’s not all of the possible ransomware threats in existence.
Bitdefender’s vaccine works by detecting a ransomware package’s attempt to check whether the ransomware is already installed on a machine; if that check attempt is observed, the vaccine blocks it and neutralizes the ransomware package. The three families of ransomware mentioned above all have this “check for previous installation” feature.
At first, I thought it was pretty dumb for Bitdefender to tell the world - including the bad guys - exactly how its vaccine detects ransomware. It seems obvious that malware authors can simply omit the check routine and evade Bitdefender’s vaccine. But they probably won’t, because it would be bad for business.
Here's why: If a ransomware program encrypts a drive that’s already been encrypted by another copy of the ransomware program, it will be impossible to decrypt the double-encrypted drive. Victims won’t pay ransoms if it becomes known that doing so will not get their data restored. So the check for previous installations is critical to the bad guys’ business model, and unlikely to be omitted.
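The mechanism described above, replayed over a constructed event log as an added example (not Bitdefender's code); the marker names, event format and process names are hypothetical placeholders. A process that probes a watched "already installed" marker is blocked from that point on, while a process that never performs the check is not caught by this method.

```python
from collections import Counter
from dataclasses import dataclass

# Hypothetical marker names: placeholders, not indicators of any real family.
WATCHED_MARKERS = {
    r"hkcu\software\example_family_a\installed": "family-A (placeholder)",
    r"global\example_family_b_mutex": "family-B (placeholder)",
}
PROBE_ACTIONS = {"reg_query", "mutex_open"}

@dataclass(frozen=True)
class Event:
    pid: int
    image: str
    action: str  # reg_query | mutex_open | file_write
    target: str

# Constructed events in time order; none come from a real incident.
SAMPLE_EVENTS = [
    Event(410, "invoice.exe", "reg_query", r"HKCU\Software\EXAMPLE_FAMILY_A\Installed"),
    Event(410, "invoice.exe", "file_write", r"C:\Users\al\Documents\budget.xlsx"),
    Event(522, "editor.exe", "reg_query", r"HKCU\Software\Editor\Recent"),
    Event(522, "editor.exe", "file_write", r"C:\Users\al\Documents\notes.txt"),
    Event(733, "update.exe", "file_write", r"C:\Users\al\Documents\budget.xlsx"),
    Event(733, "update.exe", "file_write", r"C:\Users\al\Pictures\cat.jpg"),
]

def replay(events):
    """Return (blocked, writes_allowed): pid -> family, and pid -> allowed write count."""
    blocked, writes_allowed = {}, Counter()
    for ev in events:
        if ev.pid in blocked:
            continue  # process already neutralized: deny everything after the probe
        family = None
        if ev.action in PROBE_ACTIONS:
            # Simplification: marker names are compared case-insensitively.
            family = WATCHED_MARKERS.get(ev.target.lower())
        if family:
            blocked[ev.pid] = family
        elif ev.action == "file_write":
            writes_allowed[ev.pid] += 1
    return blocked, writes_allowed

if __name__ == "__main__":
    blocked, writes = replay(SAMPLE_EVENTS)
    for pid, family in blocked.items():
        print(f"pid {pid}: blocked after probing marker for {family}")
    for pid, n in writes.items():
        print(f"pid {pid}: {n} file write(s) allowed, no watched probe seen")
```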
More Anti-Ransomware Tools
However, there are less thoughtfully written ransomware programs out there, and Bitdefender’s vaccine won’t stop them. Malwarebytes’ Anti-Ransomware utility employs a variety of behavior analysis methods, probably including the check that Bitdefender uses, to detect and block every known ransomware program.
CryptoPrevent is one of the earliest anti-ransomware utilities. It was released in 2013, in response to the CryptoLocker ransomware threat. Now CryptoPrevent is entering its 8th edition, with more protection against ransomware and other malware threats.
CryptoMonitor is another free utility that claims to protect against all known varieties of ransomware.
There are also tools that attempt to eradicate ransomware infections, with varying degrees of success. If your computer is already infected, try one of these tools.
Trend Micro’s AntiRansomware Tool comes in two versions for two different types of ransomware “scenarios.” “Lock Screen” ransomware simply overlays the victim’s screen with a demand for payment, preventing access to the computer. Crypto ransomware actually encrypts data, and is the more difficult threat to overcome.
The Talos decryptor for TeslaCrypt is an unsupported product of Cisco Systems, created solely to deal with drives encrypted by the TeslaCrypt ransomware program. If you're hit with ransomware and you have no backups, try this before paying good money to bad people.
This article was posted by Bob Rankin on 7 Apr 2016
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- [LOCKED!] The Latest in Anti-Ransomware (Posted: 7 Apr 2016)