Anti-Ransomware Software Overview

Martin Brinkmann
Mar 30, 2016
Updated • Aug 19, 2019

There are two types of Anti-Ransomware software programs: those that protect the system in real-time against incoming threats, and those that disinfect the system after a successful ransomware attack.

The following overview of anti-ransomware programs looks at programs that have been designed specifically for those purposes.

It doesn't include general purpose security software that includes ransomware protection as well. In addition, we made the decision to separate programs designed to protect the system against ransomware attacks from decryptors that decrypt files after successful attacks.

As far as prevention is concerned, there is more that users can do, for instance making sure they run up-to-date security software, back up important data and keep the backups detached from the system, or use common sense.

Anti-Ransomware Software

The following programs are designed to protect against ransomware, and/or disinfect computer systems that are already infected.

The programs are sorted alphabetically, and a table at the end provides you with information on how they stack up against each other.

Only a few provide protection against most, if not all, ransomware types, while most protect you only against certain common types, or let you disinfect an already infected computer system.

The listing is quite large, and will only grow over time as ransomware threats become even more mainstream than they are already.

If you want a recommendation, the best solution in our opinion right now is WinPatrol WAR thanks to its layered approach and solid defense system.

AppCheck Anti-Ransomware

AppCheck Anti-Ransomware protects 32-bit and 64-bit versions of Microsoft Windows against ransomware threats. The program is available as a Home version and commercial Pro version with both versions supporting the same core ransomware protections.

Both versions support real-time protection, exploit protections, and MBR protections; the Pro version adds network protection to the list of available security options.

The program uses a database of ransomware signatures and heuristics to protect against attacks.

AbelSoft AntiRansomware

AbelSoft AntiRansomware is a commercial program that runs a background guard that scans the system for software that resembles ransomware. It uses algorithms to detect ransomware, and protects user folders as well as custom folders by monitoring them specifically for changes.

A 30-day limited trial version is provided on the developer website.

Bitdefender Anti-Ransomware Software

Bitdefender's program runs silently in the background after it has been installed on a supported version of the Windows operating system.

It has been designed to protect the system against the CTB-Locker, Locky and TeslaCrypt crypto ransomware families.

According to Bitdefender, it will protect against known and possible future versions of these families.

CryptoPrevent

CryptoPrevent is a long-standing program designed to protect the operating system in real-time against ransomware and other threats.

It displays options on first run to select a protection level which you may increase or decrease as you see fit. The higher the level the better the protection, but the more likely it is that false positives occur.

The program adds group policy objects to the Windows Registry that prevent executable files from running in certain locations on the system. It furthermore uses hash definitions, program filtering and logic based on certain attributes of executable files to determine whether a file should be launched on the system.

GridinSoft Anti-Ransomware

GridinSoft Anti-Ransomware is available as a free beta release. Unfortunately, the product page offers little information on how the protection works, but states that it protects data from popular ransomware families and cyberlockers.

HitmanPro.Alert

HitmanPro.Alert is at first glance an anti-exploit program which should help against certain ransomware attacks as well.

But instead of stopping there, it includes protection against CryptoGuard ransomware as well. The program requires a valid HitmanPro license.

Interestingly enough, its feature set makes it quite the unique tool even if you compare it against other anti-exploit software such as EMET or Malwarebytes Anti-Exploit.

HitmanPro.Kickstart

HitmanPro.Kickstart is complementary software for HitmanPro that you can boot from to run HitmanPro to remove ransomware infections from the Windows operating system installed on the PC.

It has been designed specifically to remove lock screen ransomware from the computer system.

Kaspersky Anti-Ransomware Tool for Business

Kaspersky's solution against ransomware is called Kaspersky Anti-Ransomware Tool for Business. While designed for businesses in particular, the program is available as a free download currently on Kaspersky's website.

The anti-ransomware program runs in the background after installation monitoring the file system for suspicious activity. It comes with a signature database to detect known threats, and uses a cloud-based service on top of that.

The program supports rollback operations, and ships with options to trust certain applications.

Malwarebytes Anti-Ransomware (Beta)

Malwarebytes' program is currently offered as a beta that is free to install. It is unclear right now if the program will remain free after the beta or may be integrated in the company's other products.

Apart from preventing infections from known ransomware such as CryptoLocker, CryptoWall, CTBLocker and Tesla, it implements something the developers call proactive protection against ransomware.

Malwarebytes Anti-Ransomware uses advanced proactive technology that monitors what ransomware is doing and stops it cold before it even touches your files. It has no shot at encrypting. And it does not rely on signatures or heuristics, so it’s light and completely compatible with antivirus.

The program needs to run on the computer system to block ransomware from attacking the computer successfully.

McAfee Ransomware Interceptor (Beta)

McAfee Ransomware Interceptor is a beta program designed to monitor the system, detect ransomware processes, and terminate and block them before they start to do damage to the system.

The program offers little information in regards to the ransomware threats that it protects against, or how it determines whether a process is ransomware.

Controls are limited to starting and stopping the monitoring, and to whitelisting files so that legitimate processes are not flagged as ransomware.

The only other option provided at this point in time is to view the program's detection log.

SBGuard Anti-Ransomware

SBGuard Anti-Ransomware hardens the operating system against ransomware threats. It is not a program that monitors the system for threats, but will modify certain settings on the system to make it harder for ransomware to attack the data on it.

According to the description, it injects around 700 Registry entries to force Windows Group Policy to use inbuilt software execution restriction capabilities in certain locations, and prevent certain file types from executing.

Trend Micro Anti-Ransomware Tool

Trend Micro's program for Windows has been designed specifically for lock screen ransomware. This refers to ransomware that limits user access to the computer.

The company has released two versions of the program for home users. The first can be used if the ransomware blocks access to the operating system only, but not to Safe Mode with Networking.

You can run the tool in Safe Mode with Networking then to remove the threat from the system and restore its full functionality.

The second version of the program is provided as a bootable USB version which you can run if both Safe Mode and regular mode are blocked by the ransomware.

WinPatrolWar (formerly known as WinAntiRansom)

WinPatrol War is a commercial anti-ransomware software program that blocks ransomware threats on Windows systems. While commercial, it is available for a one-time payment starting at $69.95 for a single-device lifetime license, or $19.95 for a single-device one-year subscription.

The program uses a layered approach, and mixes it up with all kinds of cool features. For instance, it protects important files using its SafeZone feature to prevent ransomware that slips by from manipulating files.

Other layers include network lockdown, which protects mapped drives, and Registry protection, which protects important Registry keys from being manipulated by ransomware.

While designed specifically for ransomware, WinPatrol War will block other malware as well thanks to its layered approach.

Anti-Ransomware Software Comparison

| Program Name | Free | Beta | Ransomware | Real-time Protection | Disinfection | Supported OS | Comments |
|---|---|---|---|---|---|---|---|
| AppCheck AntiRansomware | yes | no | 900 signatures, heuristics | yes | no | Windows 7 and up | Free and Pro version, pro version $24.99 per year |
| AbelSoft AntiRansomware | no | no | unknown | yes | no | Windows 7 and up | Trial available, full version price is €14.90 |
| Bitdefender Anti-Ransomware | yes | no | CTBLocker, Locky, TeslaCrypt | yes | no | all supported versions of Windows | |
| CryptoPrevent | yes | no | unknown, developer cites "large number of cryptoware" | yes | no | Windows XP to Windows 10 | Paid versions available, protects against other malware, folder watch protection |
| Gridinsoft Anti-Ransomware | yes | yes | unknown | yes | no | all supported versions of Windows | |
| HitmanPro.Alert | no | no | Cryptoware protection | yes | no | Windows XP to Windows 10 | requires HitmanPro |
| HitmanPro.Kickstart | no | no | Lock Screen only | no | yes | Windows XP to Windows 10 | requires HitmanPro |
| Kaspersky Anti-Ransomware | yes | no | unknown | yes | rollback | all supported versions of Windows | |
| Malwarebytes Anti-Ransomware | yes | yes | CryptoLocker, CryptoWall, CTBLocker, Tesla | yes | no | all supported versions of Windows | Proactive Protection against new ransomware |
| McAfee Ransomware Interceptor | yes | yes | Most unknown, Locky, TeslaCrypt, WannaCry | yes | no | Windows 7 and up | |
| RansomFree | yes | no | against more than 40 tested variants | yes | no | all supported versions of Windows | Honeypot system |
| SBGuard | yes | no | hardens the system | no | no | all supported versions of Windows | |
| Trend Micro Anti-Ransomware | yes | no | Lock Screen only | no | yes | all supported versions of Windows | |
| WinPatrol War | no | no | most, if not all, ransomware | yes | no | all supported versions of Windows | Layered protection, File, network and Registry protection |

Ransomware Decryption Tools

While it is best to prevent ransomware from landing on a system, the following tools may help you remove ransomware from an infected machine.

The list is updated regularly; if you know of a new program, let us know. Instructions on identifying ransomware are provided when you click on the links.

You may also use services such as No More Ransom or ID Ransomware for help in identifying the ransomware type that infected your machine.

Now You: Did we miss a program? Do you use special software to protect your system against ransomware?

Publisher: Ghacks Technology News

Comments

  1. Anonymous said on July 31, 2020 at 9:50 pm

    Hi Martin,

    Is it possible to update this article for the best anti-ransomware apps for 2020?

    Best,

  2. barfeert said on August 19, 2019 at 11:05 am

    @Martin – RansomFree has been discontinued.

    1. Martin Brinkmann said on August 19, 2019 at 11:20 am

      Thank you!

  3. Jim Alexander said on August 16, 2019 at 9:15 am

    Hi all,
    I haven’t planned to post a comment, yet my case can help many to prevent from data kidnapping.

    Nearly all my files were encrypted into *.mtogas files (some were not including *.dll, *.ini), and a “_readme.txt” file was left at every folder. It requires an amount of 980 US dollars for data decryption, or half if you pay the bad guy within 72 hours. The *.mtogas files have been unable to handle and now all of them are sort of garbage!

    Note: the last 2 letters are the 2 thirds letters in English ABC, you guess, because the rule in this site may prohibit to public something harmful, I’m not sure.

    Hope someone will help.

    Many thanks.

    Jim Alexander.

  4. Shannana said on May 25, 2018 at 3:31 pm

    I think 360 TS has the best, free anti-ransomware. I thought RansomFree was good, but it seems to fail many tests, but I still use it anyway as it uses honeypots and it’s free. Also note that CryptoPrevent is sadly no longer free.

  5. RayMann said on November 24, 2017 at 10:15 am

    Thanks again Martin, great list!

    Like you said, I do backups, both manual and auto backups, so I guess I have little to worry about.. Regardless, without any anti-ransomware I got hit by some ransomware two years ago on my Win PC that sort of encrypted an ext drive (IDK what it did exactly or how I got it). I think it may have come in through an Android tablet, but IDK. As it was, it corrupted the file names but I found and removed the bugger before it did any more damage or locked my PC. Likewise, I was able to recover my file names after some tinkering. I forget what I did exactly, but I know I ran a full scan, found and removed the ransomware, ran Bleachbit + CCleaner, and I did a system restore, and it worked. I suspect I got hit by some ransomware that was buggy and/or weak, which was a good thing for me, yet it was still a pain.

    That said, I now run Windows Defender, Bitdefender Anti-Ransomware, CryptoPrevent, and RansomFree, with no compatibility issues to speak of.

  6. Homie said on August 16, 2017 at 12:08 pm

    Add some Application Control to your Windows 7/8/10 (Home Edition) machine. As a home user you probably can’t get your hands on tools like SRP, AppLocker, AppSense Application Control, Palo Alto Traps or UBA solutions like SentinelOne. But you can block the unknown with a program called VoodooShield, this will run side-by-side with your AV and network security program and will pop up when “something” unknown wants to execute on your machine.

    Here you can see how it blocks WannaCry v2:
    https://www.youtube.com/watch?v=1fYL4ECVOfs

  7. Charles said on July 31, 2017 at 6:43 pm

    I use IObit software, excellent anti-ransomware. They have a great deal of different software for your computer, check it out. Thanks

  8. rich thomas said on May 30, 2017 at 1:01 pm

    Thank you for your reply, Martin. I am concerned about the risks posed today (shouldn’t we all be?) but my security practices are thorough (hence me considering anti-ransomware software).

    Maybe I will try 1 or 2 of the products mentioned in the article (1 at a time, obviously), and report back here as to whether there is any performance hit. If there is not, then perhaps there is no harm in running an additional anti-ransomware product for extra security.

  9. rich thomas said on May 28, 2017 at 9:46 pm

    Is it advisable to run separate anti-ransomware software too, if one’s current anti-virus solution has some anti-ransomware functionality? Obviously, running 2 solutions may provide more security, but in the past with anti-virus software the consensus has been not to run 2 products at once to prevent conflicts and performance impact. FWIW, I’m currently running Avast and am considering whether to add one of the free solutions in the article as reinforcement.

    1. Martin Brinkmann said on May 28, 2017 at 10:19 pm

      Rich it depends but my answer to that would be no usually unless you are very insecure when it comes to the Internet or don’t follow best security practices (such as installing security updates and keeping software up to date).

      You may not get a lot of mileage out of running one of the free solutions if your resident antivirus solution protects you against (some) ransomware attacks already.

  10. tom warner said on May 24, 2017 at 12:18 am

    Eset Smart security and NOD detect ransomware like wannacry

  11. star stern said on April 27, 2017 at 9:31 pm

    there are 100’s of malware protection, but to download them all will have the most malware on system possible, am using malawarebyts.com and am fine,

    there are so many system cleaning tools, but to download them all, will have the most jammed computer, am using cclean and am fine,

    there are so many anti virus programs, but if will download them all, will be the most infected, am using trend micro and am fine,

    but when it comes to ransome, was still getting them, but again here to download all ransome protection, will just be conflict each other and will have no protection at all?

    any tips, advice, aside trend micro which is the top rated anti ransome program, what else me to do??

    1. OhMyCyber said on May 25, 2017 at 6:40 pm

      There’s no question, trying to protect our home/small business machines is huge, & a huge time sucker these days! Plus needing to be a rocket scientist. ;) Additionally, it’s so individualized (not talking enterprise), while we get excellent recommendations & advice, it may not work on my/your particular machine, for any number of reasons. And, of, if makes my machine too slow, too inconvenient or complicated, I’m not gonna use, or use it less than 100%, thus leaving me vulnerable.
      And, I’m not even mentioning the privacy concerns that are fundamental to thinking about the security of my systems.
      Geez, “May we live in interesting times.”
      Thank you Martin, for all your contributors, commentariats & for this terrific site!

  12. boredog said on April 26, 2017 at 9:06 pm

    You asked about other products besides antiransomware dedicated.

    1. Appguard
    2. Voodooshield
    3. Shadow Defender

    Always have a good image program. Anyone giving advice to not should, is giving bad advice.

    If you want to test ransomware on your own to see what really works, go to testmyav dot com. You will need a LinkedIn account to be able to download them.

    1. jelson said on May 24, 2017 at 11:10 pm

      AppGuard and VoodooShield are both superb antimalware products

  13. smalleyes said on March 27, 2017 at 8:08 pm

    hi guys, does anyone know how to run MB Anti-Ransomware Silently or hide it from systray at least?

  14. Calin said on March 22, 2017 at 2:12 pm

    Another product is TEMASOFT Ranstop. It does reactive detection and blocking of ransomware, including ransomware that runs from remote, or runs in legitimate processes (scripts executed by the browser, etc). In addition it does real time file protection and recovers affected files automatically. In case of undetected threats, you can still recover the files manually.

  15. George said on March 15, 2017 at 4:26 pm

    You should check out MalwareFox too.

  16. Traveltravel said on January 5, 2017 at 1:24 am

    HI

    Can you test AppCheck (free) anti-ransomware? It’s available here

    https://www.checkmal.com/en/

    1. jelson said on May 24, 2017 at 6:51 am

      Second that…

  17. Michel said on September 20, 2016 at 3:54 pm

    Given that these apps evidently don’t protect against the same ransomware, how many do you recommend simultaneously running real time in addition to a user also running an antivirus and a HIPS app (Malware Defender or WinPatrol) real time?

    I have a Dell Latitude E6500 with 4 GB RAM, an Intel Core 2 CPU P8700 running at 2.53 and 2.54 GHz, using 32-bit Win 7 Home Premium. The hard drive is 200 GB or more.

  18. varo said on September 12, 2016 at 11:45 pm
  19. boredog said on August 6, 2016 at 10:23 pm

    if you want to see some real life testing. go watch cruelsister videos posted on youtube. she not only knows what she is doing but has awesome tunes during her videos too. she has tested various software including WAR. if she makes a bypass, she will work with the program author to help get it fixed. you can find her on malwaretips.

    1. Rick A. said on April 26, 2017 at 7:52 pm

      Okay, there’s a 1. She pops right up when you add the 1. Thanks.

    2. Rick A. said on April 25, 2017 at 9:59 pm

      i looked and couldn’t find her videos.

      1. boredog said on April 26, 2017 at 5:52 pm
  20. Curt Esser said on May 27, 2016 at 11:41 pm

    Are any of the other AV security products developing a solution? I’ve seen write-up that Emsisoft does. I was wondering about other popular ones such as Avast, AVG, Kaspersky, Webroot, and others I do not recommend such as Symantec Norton and Intel McAfee? Thanks for putting the list together.

  21. star said on May 26, 2016 at 7:19 pm

    trend micro max 10 did not install on safe mode, it asks me to go to regular mode;

    while I installed it, it says it’s in conflict with Malwarebytes. do I have to choose one over the other?

  22. CHEF-KOCH said on May 14, 2016 at 6:51 am

    Does it really matter which tool you use? I mean seriously, they are all updating the databases and trying to improve their tools asap. Again it’s more a matter of which solution / company you can trust.

    I think they all suck if new stuff is popping up, since you can’t protect against something which you do not know about.

  23. Eric said on April 14, 2016 at 4:29 pm

    minerva-labs.com covers all ransomware.. not sold to private people though..

  24. LimboSlam said on April 10, 2016 at 8:12 am

    @Martin Brinkmann: CryptoPrevent blocks CryptoLocker variants, copycats, and similar ransomware.

    You can read more about their blocking/filtering module here: https://www.foolishit.com/cryptoprevent-malware-prevention/technical-information/, more towards the bottom.

  25. vanp said on April 3, 2016 at 7:10 pm

    1. I use HitmanPro.Alert and Emsisoft Anti-Malware. I’m considering WinAntiRansom (WAR) in addition. Can anybody tell me if what I have is enough, or would adding WAR be a good additional “set of eyes” on the problem?

    2. I’ve had the FBI virus (if that’s the proper description) twice and something else once (on a different computer with different software from what’s listed above). I didn’t spend a lot of time reading the instructions; I knew immediately it was malware and restored a system image to solve the problem each time. One of these I’m pretty sure I got from Amazon.com. Another I think I got from a music site (can no longer remember the name). The other I don’t know. Can anybody tell me if the FBI thing is actually ransomware? I think it was out before the term “ransomware” came into common usage.

    3. So, Maelish, while it may not be common on an individual home computer, it’s possible and should be taken seriously.

    4. I’m using the Pale Moon browser. This page scrolls very slowly, and when typing the letters are delayed in appearing. Anybody know what’s going on? I’m new to this site but don’t think this should be normal anywhere.

  26. rkr3 said on March 31, 2016 at 3:07 pm

    How about Heimdal Pro (https://heimdalsecurity.com/en/)? It’s often available free for a year’s subscription.

    Anyone have any views on the same as regards protection against ransomware?

  27. ilev said on March 31, 2016 at 7:57 am

    I use HitmanPro Alert since the first beta.

  28. Jeff-FL said on March 30, 2016 at 11:51 pm

    Everyone should be creating backups! if you have friends or relatives who are noobs, insist they make backups. Any data you value should always be in at least two places at the same time. Having solid backups removes the power from malware like this.

  29. ted said on March 30, 2016 at 9:02 pm

    WinAntiRansom blocks Petra!!!
    https://www.winpatrol.com/winantiransom/

    1. Martin Brinkmann said on March 30, 2016 at 9:26 pm

      Review coming tomorrow.

  30. Joel said on March 30, 2016 at 8:14 pm

    Out of the free ‘better looking ones’ [capability and reputation wise] such as MalwareBytes and Bitdefender – which would U recommend?
    and should this quote of MalwareBytes download page [on their forum] trouble me and have me choose BD over MB?
    “As this is the very first beta we do encourage beta users to install the product in non-production environments for testing purposes.”
    Thanks for info!
    @ Martin & all the informative users\commentators

    1. Tom Hawack said on March 30, 2016 at 10:12 pm

      One thing is sure as always: the ability of the market to propose applications which correspond to public expectations but also the risk as always to have this market offer applications that “fit” rather than quality code that “handles”. I’m pointing no company in particular but maybe is it worth reminding that a software’s name and pretensions doesn’t qualify it as such to be the right product. We know this happens with anti-virus, anti-malware products so it may be worth reminding that anti-ransomware specific applications make no exception to the rule.

      I hear, read here an orchestra of praise for WinAntiRansom, fine, why not? But I wouldn’t consider a product to be in principle the best on the basis it is acclaimed by a trio of fans, whatever their sincerity that I do not doubt of.

      Facts, as far as I’m concerned, are called Hitmanpro.Alert together with Hitmanpro.kickstart requiring an annual license valid for both. A highly sophisticated product in its architecture though so easy to use for everyone. I’ve never had the slightest problem with either and I am assured both are as efficient as can be. Moreover both handle anti-ransomware as other system-wide protections not found in traditional anti-malware.

      I just wished to share this experience together with a modest general recommendation. In times of crisis it is often a reflex to jump too quickly to solutions we may not have weighed extensively enough.

    2. Martin Brinkmann said on March 30, 2016 at 9:33 pm

      Joel, I would not run beta software on a machine you require or do work on.

      1. Joel said on March 30, 2016 at 9:40 pm

        Alright, thanks!
        So if anything – BitDefender it shall be then :)

  31. beerpatzer said on March 30, 2016 at 7:27 pm

    Does Ransomware use its own encryption tools to encrypt the files, or does it rely on Windows BitLocker? As a Home version user, I don’t have BitLocker…

    1. Martin Brinkmann said on March 30, 2016 at 9:36 pm

      Beer, it uses its own encryption.

  32. oz said on March 30, 2016 at 6:57 pm

    yes, my backups are always full disk copies including mbr.

    my data is usually kept on a separate disk, too.

    1. Tom Hawack said on March 30, 2016 at 7:13 pm

      Certainly the best security policy (separate disk connected only for backup/restore). OK.

  33. oz said on March 30, 2016 at 6:33 pm

    Thanks for the article, Martin!

    It’s doubtful that I’d ever install anti-ransomware software because I do backup regularly, and I keep the 4 previous backups on hand at all times. Those backups are stored on an external drive that is never connected, except for doing backup or restore operations, and it only takes about 7 to 10 minutes to do a full restore. Of course, something could happen that might eventually change my mind, but for now I’ll stick with my current plan as it is working quite well.

    1. Tom Hawack said on March 30, 2016 at 6:46 pm

      Malware can infect a HDD’s boot sector, but you must know that better than I, so I guess your backups include the entire source disk and not files alone.

      1. Jeff-FL said on March 30, 2016 at 11:47 pm

        Oz’s ‘7 to 10 minutes to restore’ comment sounds very much like an image restore tool, such as Macrium Reflect, so I’m close to certain he’s referring to a full partition backup.

        I do a similar thing – upon waking up every morning, I power on the PC, and then run a script that a) does a complete image of my C: drive and b) creates a separate backup of my firefox profile (using Mozbackup). Today’s image replaces the one before it, so they don’t stack up. If disaster were to strike, I never have to go back further than the morning of the same day.

      2. Joel said on March 30, 2016 at 7:49 pm

        Heyyy,
        A quick word of ‘why isn’t backing up files alone, enough’?
        o.O

      3. Martin Brinkmann said on March 30, 2016 at 9:35 pm

        Joel, backups may be enough, but there are two issues. First, depending on when the backup gets done and how it is done, it may include the malware already or even backup the encrypted files. This can be overcome of course by creating independent backups and keeping them stored in a place that is not connected to your PC.

        Second, while backups may restore the system, you may be in the dark as to how the system was compromised in first place. This may not always be the case, but security software may reveal how the malware tried to attack the system.

  34. silentwarrior said on March 30, 2016 at 6:06 pm

    You missed WinAntiRansom, it is very effective in blocking Ransomware and wins head to head tests against products you have listed above. Please see the following video of it blocking Petra as proof. https://www.youtube.com/watch?v=3YXYnAiSYrY

  35. brixy said on March 30, 2016 at 4:31 pm

    I thought that my antivirus should (at least try) to protect me from all kinds of threats…
    now every av company has this sh..!

    Buy this – because when you were buying other stuff from us we were lying to you that we will do our best to protect you from EVERY POSSIBLE THREAT!

  36. Dacko said on March 30, 2016 at 4:30 pm

    Hi,
    Try this antiransomware software ( WinAntiRansom ). It is not free but is excellent.

    https://www.winpatrol.com/WinAntiRansom/

  37. endriu said on March 30, 2016 at 4:00 pm

    Hi guys!
    I was wondering which free antivirus/security software would you recommend?
    Or a non-free software but with “lifetime” license (without subscription)?

    I’m using COMODO security however wouldn’t mind changing it for something better.

    1. AnorKnee Merce said on May 24, 2017 at 7:47 am

      @ endriu

      I recommend Avast Free AntiVirus or AVG Free.

    2. Dave said on March 30, 2016 at 4:31 pm

      This isn’t like Photoshop or Excel. Anti-virus is one software category that is subscription-based because the databases constantly need updating. New features in the software itself – such as anti-ransomware – are as essential as the classic features. Using an old version defeats the point of the software and paying the subscription pays for developers to keep the software useful.

      1. Dave said on March 30, 2016 at 9:30 pm

        I don’t think you have any “right” for indefinite updates. I don’t like the subscription models used now by the big software companies (eg Adobe and Autodesk). I think these models were introduced so that they don’t have to keep adding new features to get users to upgrade. The whole thing is bad and I could write a lot about it. Not today though.

        It is possible to continue to use old anti-virus software with an old database if you want to. But why should you get lifetime updates unless you have paid a fair price to get them? Something like £1000 upfront maybe. And with that option, I’d prefer the freedom of being able to choose the best product each year when it’s time to renew.

        I don’t understand this expectation. Doesn’t the OP know that a lot of people need to do a lot of work to make these updates, and that they need to be paid a fair wage, and that the updates are ESSENTIAL?

      2. Joel said on March 30, 2016 at 7:45 pm
        Reply

        I’m sure he meant an antivirus that you pay for – once!
        & of course gets updated for life…
        Without needing to pay yearly for the right to get updates.. :)

  38. Maelish said on March 30, 2016 at 3:54 pm
    Reply

    Is this a real problem outside of corporate environments? I know no one who’s had an issue with ransomware.

    1. Nate Phillips said on December 25, 2016 at 6:21 am
      Reply

      I’ve serviced Macs and PCs belonging to home users affected by ransomware. This is a cybersecurity issue that will only get worse as there are many criminals pursuing the lucrative market of home users. The worst one was only recent where a small business owner had all of his docs, Adobe files and pictures locked by RSA-2048 algorithm intrusion. Evidence shows that he opened an email containing JavaScript, .exe, .bat and .cmd. We were successful in removing the infected files but we had to keep the laptop for 2 days. This is occurring every hour nowadays.

    2. Hy said on March 30, 2016 at 6:45 pm
      Reply

      @Maelish: “But do you actually know anyone affected?”

      Yes, I know personally of one person attacked by ransomware. She is in a sciences faculty (department) of a large university in western Europe, and she and her entire department were attacked by ransomware at this time last year.

    3. Tom Hawack said on March 30, 2016 at 4:13 pm
      Reply

      Maybe those you know use anti-ransomware. Ransomware is a true problem and the trend is up. But I wouldn’t advise anyone searching for a first experience with Bitcoins to use anti-ransomware.

      1. AnorKnee Merce said on May 24, 2017 at 7:42 am
        Reply

        @ Jeff-FL

        Many Windows users have a false sense of security, ie they think their computers are invulnerable to ransomware and other malware by just getting fully patched/updated, eg with the March 2017 MS17-010 patch against the Eternalblue/SMBv1 exploit or with the Group A patching method for Win 7/8.1.

        In actual fact, like you said, most users get infected with ransomware by clicking on stuff foolishly or greedily. No amount of Windows patching can prevent this.
        ……. Similarly, no amount of arrests by the police and relevant news can prevent foolish people from being affected by Internet scams, money scams, Ponzi schemes, etc.

        “A fool and his/her money are soon parted.”
        ……. And not “An unpatched computer and his/her money are soon parted.”

        There are reports that a few Win 7 and Win XP computer users have never patched/updated for years and could still remain uninfected by malware or ransomware. Windows Update for security is way over-rated. In fact, a few users see M$’s Windows Update as a bigger malware and ransomware, eg processor-blocking updates, … and see Win 10 as an NSA spyware.

      2. Jeff-FL said on March 30, 2016 at 11:43 pm
        Reply

        @Maelish, I repair PCs and have had several customers who’ve been hit with ransomware attacks. It’s very real, and extremely damaging if you don’t have backups.

        As to how they get infected, not much different than how people are infected with other viruses/malware. Generally by doing dumb stuff online, or falling for phishing scams. Visiting some porn sites or other sites (like torrent sites) that promise free movies, music, etc. These types of sites can’t get legit ad servers like adsense, so they use shit ad servers that often get infected themselves. Then if the user lacks proper protection, their PC can get infected.

      3. Tom Hawack said on March 30, 2016 at 5:11 pm
        Reply

        @Maelish, Bleepingcomputer dot com has a lot of documentation on ransomware.
        One can start with bleepingcomputer dot com/virus-removal/locker-ransomware-information

      4. Maelish said on March 30, 2016 at 5:03 pm
        Reply

        I stand corrected. Someone I used to work with said they have been hit several times at their business. So this article seems a lot more valid to me suddenly. :-)

      5. Tom Hawack said on March 30, 2016 at 4:51 pm
        Reply

        I don’t know personally anyone having been infected by ransomware but I don’t know everyone. Web search engines offer a plethora of individuals as well as companies (hospitals included) having endured the ransomware infection (yes, even hospitals, no Robin Hood here targeting the bad and wealthy alone). As for the process itself it uses the same paths as any other malware, too many means, vectors to describe them all.

      6. Maelish said on March 30, 2016 at 4:36 pm
        Reply

        But do you actually know anyone affected? How did they get infected?

  39. mo.eu said on March 30, 2016 at 2:58 pm
    Reply

    Martin, another interesting article that set me thinking about what I want to do on my systems. Just one small suggestion apart from what dan mentioned earlier about CryptoPrevent / Hitman Pro: In the table you mention “Malwarebytes Anti-Malware” where I think you mean “Malwarebytes Anti-Ransomware” – I believe these two products are different.

    1. Martin Brinkmann said on March 30, 2016 at 3:38 pm
      Reply

      Thanks, both corrected :)

  40. dan said on March 30, 2016 at 2:38 pm
    Reply

    Nice round-up, Martin. One quick correction: you have listed a Hitman Pro license as required for CryptoPrevent in your comparison table: I believe you meant to put that in the next row down.

  41. Henk van Setten said on March 30, 2016 at 1:39 pm
    Reply

    I’m using Malwarebytes Anti-Ransomware since it came out.

    It uses a kind of heuristic approach that so far got me a false positive once — but in fact, this false positive gave me the idea that the Malwarebytes “proactive” approach may actually work for flagging unusual events with unknown software.

    The case was this: I was using FastCopy to transfer a lot of files from an old encrypted TrueCrypt volume to a new encrypted BoxCryptor volume. This, of course, meant a lot of on-the-fly re-encrypting. Malwarebytes Anti-Ransomware intervened immediately by quarantining the innocent FastCopy. As I say, this false positive in fact bolstered my impression that Malwarebytes Anti-Ransomware may actually be effective in a true ransomware situation.

    Of course the best ransomware protection remains simply this: making frequent system backups on a local hard drive that you always make sure to disconnect right after having refreshed your backup.

  42. cdr said on March 30, 2016 at 1:16 pm
    Reply

    Thanks. I just downloaded and installed the BitDefender selection. While I have good backups and my IDS / IPS warns me about suspect sites, another layer is ok by me.

    1. cdr said on March 30, 2016 at 1:46 pm
      Reply

      I use Norton Internet Security for my base protection. A quick lookup told me it offers crypto protection. How does it compare to those mentioned above?

  43. Dave said on March 30, 2016 at 1:09 pm
    Reply

    I was sort of expecting my anti-virus to protect against this stuff

    1. Martin Brinkmann said on March 30, 2016 at 1:14 pm
      Reply

      Some offer some form of protection, others don’t. What’s the name of your antivirus solution?

      1. Dave said on March 30, 2016 at 1:37 pm
        Reply

        It’s Kaspersky Total Internet Security.

      2. Martin Brinkmann said on March 30, 2016 at 1:52 pm
        Reply

        It seems to protect against screen lockers at the very least: http://support.kaspersky.com/us/12058

  44. T J said on March 30, 2016 at 12:34 pm
    Reply

    Another product from Malwarebytes is Malwarebytes Anti-Exploit.
    It is not anti-ransomware but it does protect vulnerable programs.
    There are 2 versions, free and premium.

    The free version protects Chrome, Firefox (Cyberfox, Palemoon, etc), IE, Opera from exploits. It also protects Java.

    As well as browsers, the premium version protects PDF readers (Adobe, Foxit), Office (Microsoft, Libre, Open), Media Players (Win media player, VideoLan VLC, Quicktime, Winamp).
    The user can also use custom shields.

    1. BRW said on March 31, 2016 at 1:21 am
      Reply

      Hello
      Found Locky and another unknown file associated with Locky when I uninstalled BD that I didn’t have before I installed it
