Free Protection Against Ransomware

Category: Security

More than 70% of new malware released these days is of the ransomware variety. Why? Because it works! Ransomware takes all of a user’s data hostage, a terrifying moment for most of us. Only by paying a few hundred dollars can you get the key that unlocks your data, the extortionists claim. Many people pay quickly under the pressure and anxiety. Let's proactively deal with that problem -- check out these free tools to block and recover from ransomware...

Prevent and Recover From Ransomware Attacks

Prevention of infections by ransomware is the first line of defense. Recovery of data from clean backups is the next resort, ideally. If you don’t have a clean backup, there are tools that may be able to break the lock on your data. In today's article, I'll introduce you to some free tools to block ransomware before it can scramble your files, and recover from ransomware if it sneaks through your defenses.

There are two types of ransomware. One encrypts your data, while the other simply walls you off from it with a “lock screen” that must be unlocked with a password. Trend Micro’s Ransomware Screen Unlocker Tool is designed for the latter. Two versions are available: one for PCs that can still be booted in Safe mode and the other for PCs that can’t.

Encryption is the favorite method of ransomware these days. Several free tools attempt to prevent ransomware encryption. Some tools rely on the digital signatures of known ransomware variants, and thus are always behind in the arms race. But a high percentage of ransomware in the wild is based upon these known variants, so signature-based tools offer a fairly high degree of protection.

Ransomware prevention and recovery

Bitdefender’s Anti-Ransomware Tool detects and blocks the CTB-Locker, Locky, Petya, and TeslaCrypt ransomware families of ransomware. If you already run the Bitdefender security suite, ransomware protection is built in. If you use other antimalware software, the ransomware tool alone can run right alongside of it.

Other ransomware tools use behavioral analysis to thwart ransomware before it encrypts your data. This approach relies on knowing what sorts of behaviors precede actual encryption activity. Barkly, RansomFree, and Kaspersky Anti-Ransomware Tool are examples of this breed. The first two must be updated whenever their developers find another telltale behavior that should trigger a block. Kaspersky’s tool taps the constantly updated database of worldwide ransomware incidents maintained by the company.

If Your Data is Already Encrypted

The best protection against ransomware is to regularly back up your data. Are you backing up everything -- your hard drive, social media, cloud storage, and mobile devices? Some people say backups are too complicated, expensive or time consuming. Not true! If you have questions about backups, you'll find practical help and answers in my ebook Everything You Need to Know About BACKUPS (5th Edition). Please take 7 minutes and read the letter I've prepared for you, which explains what's in the ebook, and how you can get up and running with your own backup regimen today. Thanks!

If your data is already encrypted by ransomware, there are some tools that may be able to decrypt all or part of it. They’re not exactly fully automated, though.

Avast offers multiple decryption tools but you need to know what kind of ransomware is holding your data hostage before you an download the right tool. Trend Micro’s Ransomware File Decryptor has a single version for all 26 types of ransomware it can decrypt, but you still need to tell it which variant has infected your machine. Trend Micro’s documentation says,

“Most ransomware usually includes a text file or html file to inform the user that his/her system has been infected by a certain type of ransomware. Using this information, an affected user can select the suspected ransomware name to decrypt files. Users having trouble identifying the type of ransomware should contact Trend Micro Technical Support for further assistance.”

How do you browse a hard drive for a text or html file if you’re locked out of the drive? I suppose a bootable recovery disk is the logical option. You would boot from the recovery disk and then browse the infected drive from the command line. But that's rather geeky, so this would be a tool of last resort if you can get help from a tech-savvy friend.

Neither of these decrypting tools promises to decrypt all of your files, and either may be stumped by new variants of ransomware. The best protection is to regularly back up your data.

Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Check out other articles in this category:

Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 23 Jun 2017

For Fun: Buy Bob a Snickers.

Prev Article:
[Windows 10 Tip #3] - Where Is Everything?

The Top Twenty
Next Article:
Is It Too Late For Firefox?

Most recent comments on "Free Protection Against Ransomware"

Posted by:

23 Jun 2017

Besides good backups, people should remember to not open unknown files from unknown people.

Posted by:

23 Jun 2017

I use Cybereason ( RansomFree - free ransomware protection. Info can be found on their website. Go to Products and Services and pull down RansomFree, and you can download it from there. The company is staffed by ex-military cybersecurity experts who really know what they are doing. I do have Trend Micro also, but RansomFree is my first line of defense.

Posted by:

23 Jun 2017

Kaspersky Anti-Ransomware Tool . . . for BUSINESS is the one you mention (but didn't add the "for Business") and according to the application, requires a minimum of 10-24 employees. Think it will be okey to install this free edition as a single private computer user?

Posted by:

23 Jun 2017

@RichF - Just because an email comes from a known person DOES NOT mean it's safe! I had a client today who tried to open 4 separate links in an email, all of which were identified as malicious by his antivirus, but he went ahead anyway because the email was from someone he knew. Big mistake. He wasn't able to open any of the links, as far as he could tell, but suddenly all of his contacts started receiving the same message from him, with the same 4 links. Not yet sure of the full fallout.

Posted by:

23 Jun 2017

It's surprising how many people will click a link after their software tells them it's dangerous, or will download files from unknown sources, and then wonder how they got a virus.

Always check the status bar when you hover over a link in an email. If it doesn't match what's on the page, do NOT click it!

Posted by:

Lady Fitzgerald
23 Jun 2017

The best advice was to maintain up to date backups of one's data. It is far more effective to be proactive than to be reactive.

Backups will also protect one's data from other evils, such as other kinds of malware, drive failure, theft, natural disasters, etc.

Posted by:

bob rice
23 Jun 2017

I changed my Windows operating mode from Admin to Standard, and cannot install or upgrade anything without my keying in the Admin p/w.

Does Standard mode prevent ransomware since it's now impossible to install anything. How can ransomware install now?

Posted by:

Peter O
24 Jun 2017

All very well - just do backups & problem solved apart from user behavioural issues.
That's the essence of the problem:
1) Most PC' have huge amounts of data, some critical, some trivial & a vast amount that can be sacrificed if necessary but which is often Tb in size.
2) This data is commonly stored on 2 or 3 internal HDs & only rarely is organised for quick selective backup.
3) Backup is tedious & not easy to automate.
4) It's not easy to test the backup or even retrieve what has been backed up. Who has not had experience of "that ***** backup does not work"!
Finally I doubt the infection vectors generally mentioned are the only sources. How frequent these days that unwanted videos & audio messages are forced in users whilst browsing despite adblocks of various designs. If this can so easily happen, surely so can a ransom program be similarly presented?

Posted by:

24 Jun 2017

I just bought a new Mac mini and accidentally changed my admin status to standard. After that happened I couldn't do anything with the computer. I called Apple and they said to bring it back and exchange it for a new computer which I did and Best Buy gave me a new Mac mini.

Posted by:

bob rice
24 Jun 2017

"and accidentally changed my admin status to standard....couldn't do anything with the computer."

The problem with just changing to Standard mode is you lost the ability to access Control Panel > User Counts > etc and change it back.

That is why you create a new user admin mode FIRST. That allows the ability to change all user account modes.

[but now sure how is was "accidentally" changed. It requires several specific steps.]

Posted by:

Lady Fitzgerald
24 Jun 2017

@Peter O 1. So what if one has huge amounts of data? That's not a reason to not backup all that data (it's not even a poor excuse).

2. Data backups can easily be in the form of duplicates of the original drives.

3. When using the right back up programs, backups are easy to do. Just start them and let them run until done. Easy peasy. You can still use the computer while the backup is updating.

Automating backups is a very bad idea since it requires keeping the backup drives connected to the computer at all times, subjecting them to the same malware and user error (mostly accidental deletions) that can corrupt or destroy the original data. Backup drives should be connected to a computer only when updating a backup.

4. Both Macrium Reflect and FreeFileSync have provisions for verifying backups (although the latter requires a hack to do so, it works very well). Retrieving lost data with both programs is easy.

Your backups will not get infected as long as the backup drives are not kept connected to the computer and you run security scans before updating the backups.

Posted by:

24 Jun 2017

@Bob Rice: Running as a Windows standard account rather than 'admin' is *not* protection against viruses or specifically, ransomware. This is malware that runs in standard user space, does not install itself as a Windows program, and can encrypt any file that you, as a standard user, can edit.

Or, in other words, a standard user can still get infected and lose files to ransomware, but the system itself should not be effected. Indeed, ransomware does not try to hide; it wants you to pay the ransom.

Posted by:

25 Jun 2017

What is a safe backup? Pretty much all of my stuff is also in the cloud...Dropbox and pics in Google Photos. Would the encryption also update (encrypt) them? I also have backups on an external HDD...since it is always on and attached, would its data be encrypted?

Posted by:

Lady Fitzgerald
25 Jun 2017

@Mike You should never have your backup drive always on and attached to avoid having it also get encrypted as well as lose data to other malware, etc. Backup drives should never be connected to the computer except when updating the backup. If the backup drive has it's own power supply, that should also be kept turned off except when updating a backup.

It's a strong possibility that your cloud data could also get encrypted since Dropbox and Google do not have the best security. Those sites are for storage, not backups. Good, paid cloud backup sites, such as, Crashplan, and Backblaze are far more secure.

Posted by:

Steve Stephenson
25 Jun 2017

I'd like to take a belt and braces approach if it poses no problems.
Is it possible to run both BitDefender's offering and RansomFree at the same time?
They appear to take different approaches in identifying the offending malware, think it could be helpful to have them both running at the same time.

Posted by:

Andrew McCann
27 Jun 2017

CryptoPrevent is very good. Free and paid versions:


Posted by:

Lady Fitzgerald
28 Jun 2017

I received an email from MBAM (MalwareBytes Antimalware) this morning saying the fulltime protection of their paid version of MBAM already includes the latest ransomware to come out. Still, having multiple, full backups of one's data is the best single defense.

Posted by:

28 Jun 2017

I downloaded Bitdefender's anti-ransomeware tool yesterday. This morning, my MBAM Premium (which has anti-ransomware protection), had its internet protection turned to "Off." The 2 software packages didn't like each other. I have paid for MBAM and got Bitdefender for free. Should I negate MBAM (paid) for Bitdefender (free)? Your thoughts on this would be appreciated. What do we do if we try one of the other tools and have the same thing to happen? (After all, you've been recommending MBAM for a very long time....)

Posted by:

Geoff Greig
01 Jul 2017

I find it ironic that a technology used to make data more secure, encryption, in now being used against us.

Posted by:

11 Jul 2017

All software in this article are for Windows 7 & above. Barkly is trialware for 15 days.

EDITOR'S NOTE: Vista has 0.5% market share, XP has about 6%. So I don't cater much to those platforms.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter

Copyright © 2005 - Bob Rankin - All Rights Reserved
About Us     Privacy Policy     RSS/XML

Article information: AskBobRankin -- Free Protection Against Ransomware (Posted: 23 Jun 2017)
Copyright © 2005 - Bob Rankin - All Rights Reserved