Bitdefender Anti-Ransomware released
Bitdefender Anti-Ransomware is a new product by security company Bitdefender to protect Windows PCs against several ransomware families.
Ransomware describes a specific type of malicious software that has been designed to force users to pay ransom -- usually in the form of Bitcoin -- by encrypting data or locking the screen, and threatening users into action.
There are ways users can protect their data against ransomware attacks. This begins with the right security software but does not end there. Regular offsite backups can be important as well.
Programs like HitmanPro.Kickstart, Malwarebytes Anti-Ransomware or Trend Micro AntiRansomware have all been designed to block specific ransomware families from attacking Windows PCs successfully. How they do that differs, though: the Malwarebytes program, for instance, uses proactive algorithms to stop ransomware, while Trend Micro's tool offers solutions to deal with lock screen ransomware only.
Bitdefender Anti-Ransomware has just been released as a new Labs project. This means that the program is not yet advertised on the company's main website.
You can download the program using the following web page and install it on any PC running a supported version of the Windows operating system.
As is the case with other Labs projects, there is little information available at the time of writing. For instance, Bitdefender does not list supported operating systems. We tested the program on a PC running Windows 10 and it installed and ran fine on it.
The about page of the program lists the ransomware families that Bitdefender Anti-Ransomware protects against.
According to that page, it protects against known and future versions of CTB-Locker, Locky and TeslaCrypt.
It should be clear from this that Bitdefender Anti-Ransomware does not protect against all ransomware attacks. Trend Micro, for instance, lists dozens of ransomware families on its website, and one question that you will have to ask yourself is whether it makes sense to run the program on your machine.
It is possible that new ransomware families will be added to the program in the future though, which would make it more attractive.
Bitdefender Anti-Ransomware ships with three settings. One, that it runs automatically on system start, is enabled by default, while the two remaining settings have the program minimize to tray on startup automatically, and minimize to tray when the close button is activated.
Bitdefender Anti-Ransomware is a free program that adds some level of protection against three known ransomware families currently.
Currently using Malwarebytes anti-ransomware, program has already flagged 3 attempts. Oddly enough warnings come after a new install of Win 10 insider beta editions. Assuming these are false positives. MBAR together with EMET should hopefully be adequate protection.
ran it…found locky and then kaspersky (which did not find locky) disinfected my laptop
Which program did you run? MBAR or BD Anti-Ransomware?
Ask yourself if you are willing to sacrifice the whopping 4MB that this free program from a very respected company uses while it protects you from a future nervous breakdown. The pros outweigh the nonexistent cons in this case.
I use Foolish IT’s CryptoPrevent. No issues at all in over a year of using it. Then again, I’ve never been notified of a threat, either. I run it along with EMET.
Does it auto update itself, or is it install once and that’s it?
The earlier version AntiCryptoWall did not auto update. Most programs that I’ve encountered that auto update have a manual update option as well. This new release seems to have neither. I sent some feedback and/or suggestions and got receipts indicating that they had been read or deleted without being read. I’ve yet to receive any other reply.
Any attempt by a vendor to block Ransomware is admirable but there is no real way to tell that it works unless one gets “ransomed”, then you know that it didn’t.
When I ran CCleaner after removing the earlier version of AntiCryptoWall, it indicated that CTB-Locker and Locky were “fixed” as part of the Registry Scan but I am presuming that these were remnants of that version which had to be removed before installing Bitdefender Anti-Ransomware.
I run MalwareBytes Anti-Exploit and EMET along with Panda Free and do periodic scans with Super Anti-Spyware and MalwareBytes Anti-malware. I also use Ublock Origin with Firefox and Google Chrome. I tried MalwareBytes Anti-Ransomware but it’s way too buggy right now and flags way too many things. I’ll give them another shot when they work out the kinks.
I can’t say I like or dislike this Bitdefender product. I applaud efforts by any vendor trying to protect consumers from this malicious threat.
Looks good, but my Kaspersky Internet Suite wouldn’t stop throwing up alarms until I’d uninstalled the BD application.
Me too, maybe BD is not the correct solution. What is the real deal against locky?
HitmanPro.Alert registered version here (together with HitmanPro (“classic”, aka HitmanPro.Kickstart)).
The article mentions HitmanPro.Kickstart when I guess it is referring to HitmanPro.Alert which is the sister application of HitmanPro.Kickstart dedicated to anti-ransomware and to pro-active defense in general.
Hard to evaluate the effectiveness of a defensive application until you encounter an attack. Angels smile here up to now.
Concerning this ‘Bitdefender Anti-Ransomware’ I’d need a test computer to evaluate it because I wouldn’t run the experimental version of an application scoping my system’s defense.
I thought that my antivirus should (at least try) to protect me from all kinds of threats…
now every av company has this sh..!
Buy this – because when you were buying other stuff from us we were lying to you that we will do our best to protect you from EVERY POSSIBLE THREAT!
Paranoia strikes deep
Into your life it will creep
It starts when you’re always afraid
Step out of line, the man come and take you away
The thing is that most of them are not necessary; even if the pictures are faked as .jpeg and you click on them ‘accidentally’, it wants admin privileges, e.g. to change the bootloader. The danger is that some versions do not want that; they change only files which aren’t protected or do not need higher privileges. A workaround would be to work with ACLs to restrict e.g. the download folder/temp/appdata and others so that nothing, or only the files you explicitly opt in, can be executed.
Even if you’re infected and it crashes your system (via BSOD) to force a restart, you still have a good chance: just do not wait until the ‘searching for C:\’ dialog, shut down immediately, and start from a recovery CD or boot into a cmdline environment, open notepad, which allows you to browse through the files via the open file dialog, and then you can execute e.g. bootmgr or other things to fix that.
Of course this needs a little bit of background knowledge, but YouTube and such sites like ghacks could/can explain it and you’re good to go.
Prevention is the key, but as mentioned it’s a shame if you trust an AV and it does not protect you totally against everything, but on the other hand it’s normal because malware writers are fast and change their stuff as soon as it gets detected (the cat and mouse game starts).
I do not blame the AV industry or the OS, because if you really want to take control over everything this would require a lot of time and would scare the normal user away, so this is difficult to solve. But as mentioned, a start would be to work with secpol/gpedit.