RansomFree is a new free program for the Microsoft Windows operating system to protect your PC against ransomware attacks.
The program is fully compatible with 32-bit and 64-bit versions of Windows 7 and newer, as well as Windows Server operating systems.
RansomFree needs to be installed on the target machine. The protection that it adds to the system is interesting, as it creates a number of files on the system that it monitors for changes.
These files use characters that place them at the top of the directory structure. The idea is that ransomware walks the file system in the same order when it looks for files, so the created files will be targeted first by the attack.
The company behind the product believes that this is the best proactive way to detect ransomware on a PC as early as possible.
The folder name at the very least seems to be randomized during creation, and this is probably also the case for the files that are placed inside the folders the program creates.
RansomFree places files in popular formats (docx, doc, sql, xls and so on) in the folder; these formats are often targeted by ransomware attacks because they are usually personal or work related.
Cybereason researched more than 40 ransomware strains, including Locky, Cryptowall, TeslaCrypt, Jigsaw and Cerber and identified the behavioral patterns that distinguish ransomware from legitimate applications. Whether a criminal group or nation created the program, all ransomware functions the same way and encrypts as many files as possible. These programs can’t determine what files are important so they encrypt everything based on file extensions.
The RansomFree process runs in the background and monitors the folder and files for changes. It will block any process that modifies the folders or files that it monitors.
So, the theory is that it can block ransomware from encrypting "real" files on the system through the use of honeypots. Whether that is really the case depends largely on the ransomware and how it operates.
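The decoy-file approach described above, as an added example that is not RansomFree's code and not from the original article: it plants decoys whose names sort first, records a hash baseline, and reports every decoy that is later modified or missing. The `!` prefix, the polling check (instead of blocking the writing process) and all function names are assumptions made for illustration.

```python
import hashlib
import secrets
from pathlib import Path

DECOY_EXTENSIONS = ("docx", "doc", "sql", "xls")  # formats named in the article
FILLER = b"constructed decoy content\n" * 64      # constructed sample data

def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def plant_canaries(root: Path) -> dict:
    """Create a randomly named decoy folder in root; return {path: sha256}."""
    # Assumption: "!" as prefix. It sorts before digits and letters, so a
    # name-ordered directory walk reaches the decoys before real data.
    folder = root / f"!{secrets.token_hex(4)}"
    folder.mkdir()
    baseline = {}
    for ext in DECOY_EXTENSIONS:
        path = folder / f"!{secrets.token_hex(4)}.{ext}"
        path.write_bytes(FILLER)
        baseline[path] = sha256(path)
    return baseline

def check_canaries(baseline: dict) -> list:
    """Return (path, reason) for each decoy that was changed or is gone."""
    alerts = []
    for path, digest in baseline.items():
        if not path.exists():
            alerts.append((path, "missing"))   # deleted, or renamed to a new extension
        elif sha256(path) != digest:
            alerts.append((path, "modified"))  # content rewritten in place
    return alerts

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        baseline = plant_canaries(Path(tmp))
        victim = next(iter(baseline))
        victim.write_bytes(b"\x00" * 64)       # simulate an in-place overwrite
        for path, reason in check_canaries(baseline):
            print(f"ALERT {reason}: {path.name}")
```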
The guys over at Bleeping Computer tested the security program against a limited set of ransomware -- Locky, Cerber and Globe -- and the program managed to stop the attacks dead in their tracks.
Cybereason, the company behind RansomFree, states that the program protects against more than 40 different ransomware families, including stand-alone ransomware programs as well as so-called file-less ransomware, which uses vulnerabilities and legitimate Windows tools such as PowerShell to carry out attacks.
The program supports detection on local drives but also on network drives.
Cybereason created a demonstration video that shows how RansomFree operates.
Security companies left and right started to create anti-ransomware solutions to better protect PCs against ransomware threats. The methods they use differ and so does their effectiveness. It is best to complement anti-ransomware tools with other means including backup creation and resident security solutions such as a properly configured firewall.