Anti-Ransomware Software Overview
There are two types of Anti-Ransomware software programs: those that protect the system in real-time against incoming threats, and those that disinfect the system after a successful ransomware attack.
The following overview of anti-ransomware programs looks at programs that have been designed specifically for those purposes.
It doesn't cover general-purpose security software that also includes ransomware protection. In addition, we decided to separate programs designed to protect the system against ransomware attacks from decryptors that decrypt files after successful attacks.
As far as prevention is concerned, there is more that users can do: for instance, running up-to-date security software, backing up important data and keeping the backups detached from the system, and using common sense.
Anti-Ransomware Software
The following programs are designed to protect against ransomware, and/or disinfect computer systems that are already infected.
The programs are sorted alphabetically, and a table at the end provides you with information on how they stack up against each other.
Only a few provide protection against most, if not all, ransomware types, while most protect you only against certain common types, or let you disinfect an already infected computer system.
The listing is quite large, and will only grow over time as ransomware threats become even more mainstream than they are already.
If you want a recommendation, the best solution in our opinion right now is WinPatrol WAR thanks to its layered approach and solid defense system.
AppCheck Anti-Ransomware
AppCheck Anti-Ransomware protects 32-bit and 64-bit versions of Microsoft Windows against ransomware threats. The program is available as a Home version and commercial Pro version with both versions supporting the same core ransomware protections.
Both versions support real-time protection, exploit protections, and MBR protections; the Pro version adds network protection to the list of available security options.
The program uses a database of ransomware signatures and heuristics to protect against attacks.
AbelSoft AntiRansomware
AbelSoft AntiRansomware is a commercial program that runs a background guard that scans the system for software that resembles ransomware. It uses algorithms to detect ransomware, and protects user folders as well as custom folders by monitoring them specifically for changes.
A 30-day limited trial version is provided on the developer website.
Bitdefender Anti-Ransomware Software
Bitdefender's program runs silently in the background after it has been installed on a supported version of the Windows operating system.
It has been designed to protect the system against the CTB-Locker, Locky and TeslaCrypt crypto ransomware families.
According to Bitdefender, it will protect against known and possible future versions of these families.
CryptoPrevent
CryptoPrevent is a long standing program designed to protect the operating system in real-time against ransomware and other threats.
It displays options on first run to select a protection level which you may increase or decrease as you see fit. The higher the level the better the protection, but the more likely it is that false positives occur.
The program adds group policy objects to the Windows Registry that prevent executable files from running in certain locations on the system. It furthermore uses hash definitions, program filtering and logic based on certain attributes of executable files to determine whether it should be launched on the system.
GridinSoft Anti-Ransomware
GridinSoft Anti-Ransomware is available as a free beta release. Unfortunately, the product page offers little information on how the protection works, but states that it protects data from popular ransomware families and cyberlockers.
HitmanPro.Alert
HitmanPro.Alert is at first glance an anti-exploit program which should help against certain ransomware attacks as well.
But instead of stopping there, it includes protection against CryptoGuard ransomware as well. The program requires a valid HitmanPro license.
Interestingly enough, its feature set makes it quite the unique tool even if you compare it against other anti-exploit software such as EMET or Malwarebytes Anti-Exploit.
HitmanPro.Kickstart
HitmanPro.Kickstart is a complementary software for HitmanPro that you can boot from to run HitmanPro to remove ransomware infections from the Windows operating system installed on the PC.
It has been designed specifically to remove lock screen ransomware from the computer system.
Kaspersky Anti-Ransomware Tool for Business
Kaspersky's solution against ransomware is called Kaspersky Anti-Ransomware Tool for Business. While designed for businesses in particular, the program is available as a free download currently on Kaspersky's website.
The anti-ransomware program runs in the background after installation monitoring the file system for suspicious activity. It comes with a signature database to detect known threats, and uses a cloud-based service on top of that.
The program supports rollback operations, and ships with options to trust certain applications.
Malwarebytes Anti-Ransomware (Beta)
Malwarebytes' program is currently offered as a beta that is free to install. It is unclear right now if the program will remain free after the beta or may be integrated in the company's other products.
Apart from preventing infections from known ransomware such as CryptoLocker, CryptoWall, CTBLocker and Tesla, it implements something the developers call proactive protection against ransomware.
Malwarebytes Anti-Ransomware uses advanced proactive technology that monitors what ransomware is doing and stops it cold before it even touches your files. It has no shot at encrypting. And it does not rely on signatures or heuristics, so it’s light and completely compatible with antivirus.
The program needs to run on the computer system to block ransomware from attacking the computer successfully.
McAfee Ransomware Interceptor (Beta)
McAfee Ransomware Interceptor is a beta program designed to monitor the system, detect ransomware processes, and terminate and block them before they start to do damage to the system.
The program offers little information in regards to the ransomware threats that it protects against, or how it determines whether a process is ransomware.
Controls are limited to starting and stopping the monitoring, and to whitelisting files so that legitimate processes are not flagged as ransomware.
The only other option provided at this point in time is to view the program's detection log.
SBGuard Anti-Ransomware
SBGuard Anti-Ransomware hardens the operating system against ransomware threats. It is not a program that monitors the system for threats, but will modify certain settings on the system to make it harder for ransomware to attack the data on it.
According to the description, it injects around 700 Registry entries to force Windows Group Policy to use inbuilt software execution restriction capabilities in certain locations, and prevent certain file types from executing.
Trend Micro Anti-Ransomware Tool
Trend Micro's program for Windows has been designed specifically for lock screen ransomware, that is, ransomware that limits user access to the computer.
The company has released two versions of the program for home users. The first can be used if the ransomware blocks access to the operating system only, but not to Safe Mode with Networking.
You can run the tool in Safe Mode with Networking then to remove the threat from the system and restore its full functionality.
The second version of the program is provided as a bootable USB version which you can run if both Safe Mode and regular mode are blocked by the ransomware.
WinPatrolWar (formerly known as WinAntiRansom)
WinPatrol War is a commercial anti-ransomware software program that blocks ransomware threats on Windows systems. While commercial, it is available for a one-time payment starting at $69.95 for a single-device lifetime license, or $19.95 for a single device one-year subscription.
The program uses a layered approach, and mixes it up with all kinds of cool features. For instance, it protects important files using its SafeZone feature to prevent ransomware that slips by from manipulating files.
Other layers include network lockdown, which protects mapped drives, and Registry protection, which protects important Registry keys from being manipulated by ransomware.
While designed specifically for ransomware, WinPatrol War will block other malware as well thanks to its layered approach.
Anti-Ransomware Software Comparison
Program Name | Free | Beta | Ransomware | Real-time Protection | Disinfection | Supported OS | Comments |
AppCheck AntiRansomware | yes | no | 900 signatures, heuristics | yes | no | Windows 7 and up | Free and Pro version, pro version $24.99 per year |
AbelSoft AntiRansomware | no | no | unknown | yes | no | Windows 7 and up | Trial available, full version price is €14.90 |
Bitdefender Anti-Ransomware | yes | no | CTBLocker, Locky, TeslaCrypt | yes | no | all supported versions of Windows | |
CryptoPrevent | yes | no | unknown, developer cites "large number of cryptoware" | yes | no | Windows XP to Windows 10 | Paid versions available, protects against other malware, folder watch protection |
Gridinsoft Anti-Ransomware | yes | yes | unknown | yes | no | all supported versions of Windows | |
HitmanPro.Alert | no | no | Cryptoware protection | yes | no | Windows XP to Windows 10 | requires HitmanPro |
HitmanPro.Kickstart | no | no | Lock Screen only | no | yes | Windows XP to Windows 10 | requires HitmanPro |
Kaspersky Anti-Ransomware | yes | no | unknown | yes | rollback | all supported versions of Windows | |
Malwarebytes Anti-Ransomware | yes | yes | CryptoLocker, CryptoWall, CTBLocker, Tesla | yes | no | all supported versions of Windows | Proactive Protection against new ransomware |
McAfee Ransomware Interceptor | yes | yes | Most unknown, Locky, TeslaCrypt, WannaCry | yes | no | Windows 7 and up | |
| yes | no | against more than 40 tested variants | yes | no | all supported versions of Windows | Honeypot system |
SBGuard | yes | no | hardens the system | no | no | all supported versions of Windows | |
Trend Micro Anti-Ransomware | yes | no | Lock Screen only | no | yes | all supported versions of Windows | |
WinPatrol War | no | no | most, if not all, ransomware | yes | no | all supported versions of Windows | Layered protection, File, network and Registry protection |
Ransomware Decryption Tools
While it is best to prevent ransomware from landing on a system, the following tools may help you remove ransomware from an infected machine.
The list is updated regularly; if you know of a new program, let us know. Instructions on identifying ransomware are provided when you click on the links.
You may also use services such as No More Ransom or ID Ransomware for help in identifying the ransomware type that infected your machine.
- 777 (Emsisoft, TrendMicro)
- Al-Namrood (Emsisoft)
- Alcatraz Locker (Avast)
- Amnesia (Emsisoft)
- Apocalypse (Avast, AVG, Emsisoft)
- AutoLocky (Emsisoft, TrendMicro)
- BadBlock (Avast, AVG, Emsisoft, TrendMicro)
- Bart (Avast, AVG)
- Cerber (TrendMicro)
- Chimera (TrendMicro)
- CoinVault (Kaspersky)
- Cry128 (Emsisoft)
- Cry9 (Emsisoft)
- CrypBoss (Emsisoft)
- Crypt888 (Avast, AVG)
- CryptInfinite (Emsisoft)
- CryptoDefense (Emsisoft)
- CryptOn (Emsisoft)
- CryptXXX (TrendMicro)
- CryptoMix (Avast)
- Crysis (Avast, TrendMicro)
- Damage (Emsisoft)
- DemoTool (TrendMicro)
- DMALocker (Emsisoft)
- DXXD (TrendMicro)
- Fabiansomware (Emsisoft)
- FenixLocker (Emsisoft)
- FindZip (Avast)
- Globe (Avast, Emsisoft, TrendMicro)
- GlobeImposter (Emsisoft)
- Gomasom (Emsisoft)
- Harasom (Emsisoft)
- HiddenTear (Avast)
- HydraCrypt (Emsisoft)
- KeyBTC (Emsisoft)
- Jigsaw (Avast, TrendMicro)
- Lechiffre (Emsisoft, TrendMicro)
- Legion (Avast, AVG)
- Malboro (Emsisoft)
- Mircop (TrendMicro)
- MRCR (Emsisoft)
- Nemucod (Emsisoft, TrendMicro)
- NMoreira (Emsisoft)
- NoobCrypt (Avast)
- OpenTo You (Emsisoft)
- OzozaLocker (Emsisoft)
- PClock (Emsisoft)
- Philadelphia (Emsisoft)
- Radamant (Emsisoft)
- Rakhni (Kaspersky)
- Rannoh (Kaspersky)
- Shade (Kaspersky, McAfee)
- SNSLocker (TrendMicro)
- Stampado (Avast, Emsisoft, TrendMicro)
- SFZLocker (Avast, AVG)
- Teamxrat/Xpan (TrendMicro)
- TeleCrypt (TrendMicro)
- TeslaCrypt (Avast, AVG, McAfee, TrendMicro)
- Wildfire (Kaspersky, McAfee)
- Xorbat (TrendMicro)
- Xorist (Emsisoft, Kaspersky, TrendMicro)
- WannaCry (TrendMicro, Wanakiwi)
Now You: Did we miss a program? Do you use special software to protect your system against ransomware?
Hi Martin,
Is it possible to update this article for the best anti-ransomware apps for 2020?
Best,
@Martin – RansomFree has been discontinued.
Thank you!
Hi all,
I haven’t planned to post a comment, yet my case can help many to prevent from data kidnapping.
Nearly all my files were encrypted into *.mtogas files (some were not including *.dll, *.ini), and a “_readme.txt” file was left at every folder. It requires an amount of 980 US dollars for data decryption, or half if you pay the bad guy within 72 hours. The *.mtogas files have been unable to handle and now all of them are sort of garbage!
Note: the last 2 letters are the 2 thirds letters in English ABC, you guess, because the rule in this site may prohibit to public something harmful, I’m not sure.
Hope someone will help.
Many thanks.
Jim Alexander.
I think 360 TS has the best, free anti-ransomware. I thought RansomFree was good, but it seems to fail many tests, but I still use it anyway as it uses honeypots and it’s free. Also note that CryptoPrevent is sadly no longer free.
I spy a scammer! 360 the best?!?
https://www.2-spyware.com/remove-360-total-security-virus.html
https://forums.malwarebytes.com/topic/178184-is-qihoo-360-total-security-safe
http://www.tomsguide.com/answers/id-2350774/360-total-security-malware-removal.html
Thanks again Martin, great list!
Like you said, I do backups, both manual and auto backups, so I guess I have little to worry about.. Regardless, without any anti-ransomware I got hit by some ransomware two years ago on my Win PC that sort of encrypted an ext drive (IDK what it did exactly or how I got it). I think it may have come in through an Android tablet, but IDK. As it was, it corrupted the file names but I found and removed the bugger before it did any more damage or locked my PC. Likewise, I was able to recover my file names after some tinkering. I forget what I did exactly, but I know I ran a full scan, found and removed the ransomware, ran Bleachbit + CCleaner, and I did a system restore, and it worked. I suspect I got hit by some ransomware that was buggy and/or weak, which was a good thing for me, yet it was still a pain.
That said, I now run Windows Defender, Bitdefender Anti-Ransomware, CryptoPrevent, and RansomFree, with no compatibility issues to speak of.
Add some Application Control to your Windows 7/8/10 (Home Edition) machine. As a home user you probably can’t get your hands on tools like SRP, AppLocker, AppSense Application Control, Palo Alto Traps or UBA solutions like SentinalOne. But you can block the unknown with a program called VoodooShield, this will run side-by-side with your AV and network security program and will popup when “something” unknown wants to execute on your machine.
Here you can see how it blocks WannaCry v2:
https://www.youtube.com/watch?v=1fYL4ECVOfs
I use iobit software, excellent anti-ransomware. They have a great deal of different software for your computer, check it out. Thanks
Thank you for your reply, Martin. I am concerned about the risks posed today (shouldn’t we all be?) but my security practices are thorough (hence me considering anti-ransomware software).
Maybe I will try 1 or 2 of the products mentioned in the article (1 at a time, obviously), and report back here as to whether there is any performance hit. If there is not, then perhaps there is no harm in running an additional anti-ransomware product for extra security.
Is it advisable to run separate anti-ransomware software too, if one’s current anti-virus solution has some anti-ransomware functionality? Obviously, running 2 solutions may provide more security, but in the past with anti-virus software the consensus has been not to run 2 products at once to prevent conflicts and performance impact. FWIW, I’m currently running Avast and am considering whether to add one of the free solutions in the article as reinforcement.
Rich it depends but my answer to that would be no usually unless you are very insecure when it comes to the Internet or don’t follow best security practices (such as installing security updates and keeping software up to date).
You may not get a lot of mileage out of running one of the free solutions if your resident antivirus solution protects you against (some) ransomware attacks already.
Eset Smart security and NOD detect ransomware like wannacry
there are 100’s of malware protection, but to download them all will have the most malware on system possible, am using malawarebyts.com and am fine,
there are so many system cleaning tools, but to download them all, will have the most jammed computer, am using cclean and am fine,
there are so many anti virus programs, but if will download them all, will be the most infected, am using trend micro and am fine,
but when it comes to ransom, was still getting them, but again here to download all ransom protection, will just be conflict each other and will have no protection at all?
any tips, advice, aside trend micro which is the top rated anti ransom program, what else me to do??
There’s no question, trying to protect our home/small business machines is huge, & a huge time sucker these days! Plus needing to be a rocket scientist. ;) Additionally, it’s so individualized (not talking enterprise), while we get excellent recommendations & advice, it may not work on my/your particular machine, for any number of reasons. And, of, if makes my machine too slow, too inconvenient or complicated, I’m not gonna use, or use it less than %100, thus leaving me vulnerable.
And, I’m not even mentioning the privacy concerns that are fundamental to thinking about the security of my systems.
Geez, “May we live in interesting times.”
Thank you Martin, for all your contributors, commentariats & for this terrific site!
You asked about other products besides antiransomware dedicated.
1. Appguard
2. Voodooshield
3. Shadow Defender
Always have a good image program. Anyone giving advice to not should, is giving bad advice.
If you want to test ransomware on your own to see what really works, go to testmyav dot com. You will need a LinkedIn account to be able to download them.
AppGuard and VoodooShield are both superb antimalware products
hi guys, does anyone know how to run MB Anti-Ransomware Silently or hide it from systray at least.
Another product is TEMASOFT Ranstop. It does reactive detection and blocking of ransomware, including ransomware that runs from remote, or runs in legitimate processes (scripts executed by the browser, etc). In addition it does real time file protection so and recovers affected files automatically. In case of undetected threats, you can still recover the files manually.
You should check out MalwareFox too.
HI
Can you test AppCheck (free) anti-ransomware? It’s available here
https://www.checkmal.com/en/
Second that…
Given that these apps evidently don’t protect against the same ransomware, how many do you recommend simultaneously running real time in addition to a user also running an antivirus and a HIPS app. (Malware Defender or WinPatrol) real time?
I have a Dell Latitude E6500 with 4 GB RAM, an Intel Core 2 CPU P8700 running at 2.53 and 2.54 GHz, using 32-bit Win 7 Home Premium. The hard drive is 200 GB or more.
this project fight ransomware in different way https://www.kickstarter.com/projects/1707157687/ransomware-immunizer?ref=user_menu
if you want to see some real life testing. go watch cruelsister videos posted on youtube. she not only knows what she is doing but has awesome tunes during her videos too. she has tested various software including WAR. if she makes a bypass, she will work with the program author to help get it fixed. you can find her on malwaretips.
Okay, there’s a 1. She pops right up when you add the 1. Thanks.
i looked and couldn’t find her videos.
https://www.youtube.com/results?search_query=cruelsister1
Are any of the other AV security products developing a solution? I’ve seen write-up that Emsisoft does. I was wondering about other popular ones such as Avast, AVG, Kaspersky, Webroot, and others I do not recommend such as Symantec Norton and Intel McAfee? Thanks for putting the list together.
trend micro max 10 did not install on safe mode, it asks me to go to regular mode;
while I installed it, it says it’s in conflict with malwarebytes. do I have to choose one over the other?
Does it really matter which tool you use? I mean seriously, they all updating the databases and trying to improve their tools asap. Again it’s more matter of which solution / company you can trust.
I think they all suck if new stuff popping up, since you can’t protect against something which you not know about.
minerva-labs.com covers all ransomware.. not sold to private people though..
@Martin Brinkmann: CryptoPrevent blocks CryptoLocker variants, copycats, and similar ransomware.
You can read more about their blocking/filtering module here: https://www.foolishit.com/cryptoprevent-malware-prevention/technical-information/, more towards the bottom.
1. I use HitmanPro.Alert and Emsisoft Anti-Malware. I’m considering WinAntiRansom (WAR) in addition. Can anybody tell me if what I have is enough, or would adding WAR be a good additional “set of eyes” on the problem?
2. I’ve had the FBI virus (if that’s the proper description) twice and something else once (on a different computer with different software from what’s listed above). I didn’t spend a lot of time reading the instructions; I knew immediately it was malware and restored a system image to solve the problem each time. One of these I’m pretty sure I got from Amazon.com. Another I think I got from a music site (can no longer remember the name). The other I don’t know. Can anybody tell me if the FBI thing is actually ransomware? I think it was out before the term “ransomware” came into common usage.
3. So, Maelish, while it may not be common on an individual home computer, it’s possible and should be taken seriously.
4. I’m using the Pale Moon browser. This page scrolls very slowly, and when typing the letters are delayed in appearing. Anybody know what’s going on? I’m new to this site but don’t think this should be normal anywhere.
How about Heimdal Pro (https://heimdalsecurity.com/en/)? It’s often available free for a year’s subscription.
Anyone have any views on the same as regards protection against ransomware?
I use HitmanPro Alert since the first beta.
Everyone should be creating backups! if you have friends or relatives who are noobs, insist they make backups. Any data you value should always be in at least two places at the same time. Having solid backups removes the power from malware like this.
WinAntiRansom blocks Petra!!!
https://www.winpatrol.com/winantiransom/
Review coming tomorrow.
Out of the free ‘better looking ones’ [capability and reputation wise] such as MalwareBytes and Bitdefender – which would U recommend?
and should this quote of MalwareBytes download page [on their forum] trouble me and have me choose BD over MB?
“As this is the very first beta we do encourage beta users to install the product in non-production environments for testing purposes.”
Thanks for info!
@ Martin & all the informative users\commentators
One thing is sure as always: the ability of the market to propose applications which correspond to public expectations but also the risk as always to have this market offer applications that “fit” rather than quality code that “handles”. I’m pointing no company in particular but maybe is it worth reminding that a software’s name and pretensions doesn’t qualify it as such to be the right product. We know this happens with anti-virus, anti-malware products so it may be worth reminding that anti-ransomware specific applications make no exception to the rule.
I hear, read here an orchestra of praise for WinAntiRansom, fine, why not? But I wouldn’t consider a product to be in principle the best on the basis it is acclaimed by a trio of fans, whatever their sincerity that I do not doubt of.
Facts, as far as I’m concerned, are called Hitmanpro.Alert together with Hitmanpro.kickstart requiring an annual license valid for both. A highly sophisticated product in its architecture though so easy to use for everyone. I’ve never had the slightest problem with either and I am assured both are as efficient as can be. Moreover both handle anti-ransomware as other system-wide protections not found in traditional anti-malware.
I just wished to share this experience together with a modest general recommendation. In times of crisis it is often a reflex to jump too quickly to solutions we may not have weighed extensively enough.
Joel, I would not run beta software on a machine you require or do work on.
Alright, thanks!
So if anything – BitDefender it shall be then :)
Does Ransomware use its own encryption tools to encrypt the files, or does it rely on Windows BitLocker? As a Home version user, I don’t have BitLocker…
Beer, it uses its own encryption.
yes, my backups are always full disk copies including mbr.
my data is usually kept on a separate disk, too.
Certainly the best security policy (separate disk connected only for backup/restore). OK.
Thanks for the article, Martin!
It’s doubtful that I’d ever install anti-ransomware software because I do backup regularly, and I keep the 4 previous backups on hand at all times. Those backups are stored on an external drive that is never connected, except for doing backup or restore operations, and it only takes about 7 to 10 minutes to do a full restore. Of course, something could happen that might eventually change my mind, but for now I’ll stick with my current plan as it is working quite well.
Malware can infect a HDD’s boot sector, but you must know that better than I, so I guess your backups include the entire source disk and not files alone.
Oz’s ‘7 to 10 minutes to restore’ comment sounds very much like an image restore tool, such as Macrium Reflect, so I’m close to certain he’s referring to a full partition backup.
I do a similar thing – upon waking up every morning, I power on the PC, and then run a script that a) does a complete image of my C: drive and b) creates a separate backup of my firefox profile (using Mozbackup). Today’s image replaces the one before it, so they don’t stack up. If disaster were to strike, I never have to go back further than the morning of the same day.
Heyyy,
A quick word of ‘why isn’t backing up files alone, enough’?
o.O
Joel, backups may be enough, but there are two issues. First, depending on when the backup gets done and how it is done, it may include the malware already or even backup the encrypted files. This can be overcome of course by creating independent backups and keeping them stored in a place that is not connected to your PC.
Second, while backups may restore the system, you may be in the dark as to how the system was compromised in first place. This may not always be the case, but security software may reveal how the malware tried to attack the system.
You missed WinAntiRansom, it is very effective in blocking Ransomware and wins head to head tests against products you have listed above. Please see the following video of it blocking Petra as proof. https://www.youtube.com/watch?v=3YXYnAiSYrY
I thought that my antivirus should (at least try) to protect me from all kinds of threats…
now every av company has this sh..!
Buy this – because when you were buying other stuff from us we were lying to you that we will do our best to protect you from EVERY POSSIBLE THREAT!
Hi,
Try this antiransomware software ( WinAntiRansom ). It is not free but is excellent.
https://www.winpatrol.com/WinAntiRansom/
Hi guys!
I was wondering which free antivirus/security software would you recommend?
Or a non-free software but with “lifetime” license (without subscription)?
I’m using COMODO security however wouldn’t mind to change it for something better.
@ endriu
I recommend Avast Free AntiVirus or AVG Free.
This isn’t like Photoshop or Excel. Anti-virus is one software category that is subscription-based because the databases constantly need updating. New features in the software itself – such as anti-ransomware – are as essential as the classic features. Using an old version defeats the point of the software and paying the subscription pays for developers to keep the software useful.
I don’t think you have any “right” for indefinite updates. I don’t like the subscription models used now by the big software companies (eg Adobe and Autodesk). I think these models were introduced so that they don’t have to keep adding new features to get users to upgrade. The whole thing is bad and I could write a lot about it. Not today though.
It is possible to continue to use old anti-virus software with an old database if you want to. But why should you get lifetime updates unless you have paid a fair price to get them? Something like £1000 upfront maybe. And with that option, I’d prefer the freedom of being able to chose the best product each year when it’s time to renew.
I don’t understand this expectation. Doesn’t the OP know that a lot of people need to do a lot of work to make these updates, and that they need to be paid a fair wage, and that the updates are ESSENTIAL?
I’m sure he meant an antivirus that you pay for – once!
& of course gets updated for life…
Without needing to pay yearly for the right to get updates.. :)
Is this a real problem outside of corporate environments? I know no one who’s had an issue with ransomware.
I’ve serviced Macs and PCs belonging to home users affected by ransomware. This is a cybersecurity issue that will only get worse as there are many criminals pursuing the lucrative market of home users. The worst one was only recent where a small business owner had all of his docs, adobe files and pictures locked by RSA-2048 algorithm intrusion. Evidence shows that he opened an email containing JavaScript, .exe, .bat and .cmd. We were successful in removing the infected files but we had to keep the laptop for 2 days. This is occurring every hour nowadays.
@Maelish: “But do you actually know anyone affected?”
Yes, I know personally of one person attacked by ransomware. She is in a sciences faculty (department) of a large university in western Europe, and she and her entire department were attacked by ransomware at this time last year.
Maybe those you know use anti-ransomware. Ransomware is a true problem and the trend is up. But I wouldn’t advise anyone searching for a first experience with Bitcoins to use anti-ransomware.
@ Jeff-FL
Many Windows users have a false sense of security, ie they think their computers are invulnerable to ransomware and other malware by just getting fully patched/updated, eg with the March 2017 MS17-010 patch against the Eternalblue/SMBv1 exploit or with the Group A patching method for Win 7/8.1.
In actual fact, like you said, most users get infected with ransomware by clicking on stuffs foolishly or greedily. No amount of Windows patching can prevent this.
……. Similarly, no amount of arrests by the police and relevant news can prevent foolish people from being affected by Internet scams, money scams, Ponzi schemes, etc.
“A fool and his/her money are soon parted.”
……. And not “An unpatched computer and his/her money are soon parted.”
There are reports that a few Win 7 and Win XP computer users have never patched/updated for years and could still remain uninfected by malware or ransomware. Windows Update for security is way over-rated. In fact, a few users see M$’s Windows Update as a bigger malware and ransomware, eg processor-blocking updates, … and see Win 10 as an NSA spyware.
@Maelish, I repair PCs and have had several customers who’ve been hit with ransomware attacks. It’s very real, and extremely damaging if you don’t have backups.
As to how they get infected, not much different than how people are infected with other viruses/malware. Generally by doing dumb stuff online, or falling for phishing scams. Visiting some porn sites or other sites (like torrent sites) that promise free movies, music, etc. These types of sites can’t get legit ad servers like AdSense, so they use shit ad servers that often get infected themselves. Then if the user lacks proper protection, their PC can get infected.
@Maelish, Bleepingcomputer dot com has a lot of documentation on ransomware.
One can start with bleepingcomputer dot com/virus-removal/locker-ransomware-information
I stand corrected. Someone I used to work with said they have been hit several times at their business. So this article seems a lot more valid to me suddenly. :-)
I don’t know personally anyone having been infected by ransomware but I don’t know everyone. Web search engines offer a plethora of individuals as well as companies (hospitals included) having endured the ransomware infection (yes, even hospitals, no Robin Hood here targeting the bad and wealthy alone). As for the process itself it uses the same paths as any other malware, too many means, vectors to describe them all.
But do you actually know anyone affected? How did they get infected?
Martin, another interesting article that set me thinking about what I want to do on my systems. Just one small suggestion apart from what dan mentioned earlier about CryptoPrevent / Hitman Pro: In the table you mention “Malwarebytes Anti-Malware” where I think you mean “Malwarebytes Anti-Ransomware” – I believe these two products are different.
Thanks, both corrected :)
Nice round-up, Martin. One quick correction: you have listed a Hitman Pro license as required for CryptoPrevent in your comparison table: I believe you meant to put that in the next row down.
I’m using Malwarebytes Anti-Ransomware since it came out.
It uses a kind of heuristic approach that so far got me a false positive once — but in fact, this false positive gave me the idea that the Malwarebytes “proactive” approach may actually work for flagging unusual events with unknown software.
The case was this: I was using FastCopy to transfer a lot of files from an old encrypted TrueCrypt volume to a new encrypted BoxCryptor volume. This, of course, meant a lot of on-the-fly re-encrypting. Malwarebytes Anti-Ransomware intervened immediately by quarantining the innocent FastCopy. As I say, this false positive in fact bolstered my impression that Malwarebytes Anti-Ransomware may actually be effective in a true ransomware situation.
Of course the best ransomware protection remains simply this: making frequent system backups on a local hard drive that you always make sure to disconnect right after having refreshed your backup.
Thanks. I just downloaded and installed the BitDefender selection. While I have good backups and my IDS / IPS warns me about suspect sites, another layer is ok by me.
I use Norton Internet Security for my base protection. A quick lookup told me it offers crypto protection. How does it compare to those mentioned above?
I was sort of expecting my anti-virus to protect against this stuff
Some offer some form of protection, others don’t. What’s the name of your antivirus solution?
It’s Kaspersky Total Internet Security.
It seems to protect against screen lockers at the very least: http://support.kaspersky.com/us/12058
Another product from Malwarebytes is Malwarebytes Anti-Exploit.
It is not anti-ransomware but it does protect vulnerable programs.
There are 2 versions, free and premium.
The free version protects Chrome, Firefox (Cyberfox, Palemoon, etc), IE, Opera from exploits. It also protects Java.
As well as browsers, the premium version protects PDF readers (Adobe, Foxit), Office (Microsoft, Libre, Open), Media Players (Win media player, VideoLan VLC, Quicktime, Winamp).
The user can also use custom shields.
Hello
Found Locky and another unknown file associated with Locky when I uninstalled BD that I didn’t have before I installed it