RansomFree: protect your PC against ransomware

RansomFree is a new free program for the Microsoft Windows operating system to protect your PC against ransomware attacks.

The program is fully compatible with 32-bit and 64-bit versions of Windows 7 and newer, as well as  Windows server operating systems.

RansomFree needs to be installed on the target machine. The protection that it adds to the system is interesting, as it creates a number of files on the system that it monitors for changes.

These files use characters that place them at the top of the directory structure. The idea is that ransomware will parse for files using the same structure so that the created files will be targeted first by the attack.

The company behind the product believes that this is the best proactive way to detect ransomware on a PC at the earliest.

RansomFree

ransomfree

The folder name at the very least seems to be randomized during creation, and this is probably also the case for the files that are placed inside the folders the program creates.

Ransomfree places popular file formats, docx, doc, sql, xls and so on in the folder which are often targeted by ransomware attacks as they are - usually -- personal or work related.



Cybereason researched more than 40 ransomware strains, including Locky, Cryptowall, TeslaCrypt, Jigsaw and Cerber and identified the behavioral patterns that distinguish ransomware from legitimate applications. Whether a criminal group or nation created the program, all ransomware functions the same way and encrypts as many files as possible. These programs can’t determine what files are important so they encrypt everything based on file extensions.

The Ransomfree process runs in the background, and monitors the folder and files for changes. It will block any process that modifies folders or files that it monitors.

Read also:  Nvidia GeForce Experience Node.js security vulnerability

So, the theory is that it can block ransomware from infecting "real" files on the system through the use of honeypots. If that is really the case depends largely on the ransomware and how it operates.

ransomfree-files

The guys over at Bleeping Computer tested the security program against a limited set of ransomware -- Locky, Cerber and Globe -- and the program managed to stop the attacks dead in their track.

CyberReason, the company that is behind for RansomFree states that the program protects against more than 40 different ransomware families including stand-alone ransomware programs as well as so-called file-less ransomware which uses vulnerabilities and legitimate Windows tools such as PowerShell to carry out attacks.

The program supports detection on local drives but also on network drives.

Cyberreason created a demonstration video that shows how RansomFree operates

Closing Words

Security companies left and right started to create anti-ransomware solutions to better protect PCs against ransomware threats. The methods they use differ and so does their effectiveness. It is best to complement anti-ransomware tools with other means including backup creation and resident security solutions such as a properly configured firewall.

Summary
Author Rating
3 based on 4 votes
Software Name
RansomFree
Operating System
Windows
Software Category
Security
Landing Page

Please share this article

Facebooktwittergoogle_plusredditlinkedinmail



Responses to RansomFree: protect your PC against ransomware

  1. Jojo December 20, 2016 at 9:14 am #

    8200 Whoot! Whoot!!
    P.S. Would you recommend all to use it Martin?
    =]

    • Martin Brinkmann December 20, 2016 at 1:32 pm #

      I don't think it is necessary if you have a proper security setup and use common sense. But your Uncle Jim, whose computer seems to get infected with ransomware every other week or so, he may benefit from it.

      • Jack Alexander December 21, 2016 at 7:12 am #

        On my machine I have SyncBackFree and it is set to backup myDocuments at 5 am every day. This program prevents that from happening as well as a manual back-up. I recommend BitDefender Anti-Ransomeware. I haven't noticed if it has any other bad effects on other programs. I removed it and put BitDefender back in.

  2. Jojo December 20, 2016 at 9:46 am #

    This will work until the rasomware companies add the honeypot files to their exclude lists. Of course, they own copies of software like this.

    • Tom Hawack December 20, 2016 at 12:33 pm #

      I think a major point is the one the article starts with,
      "The folder name at the very least seems to be randomized during creation, and this is probably also the case for the files that are placed inside the folders the program creates."

      From there on, cat and mouse will continue the battle.

      At this time I'm relying on HitmanPro.Alert to keep the machine protected from cryptoware as well as other intruders.

      Cross-fingers.

    • Martin Brinkmann December 20, 2016 at 1:33 pm #

      Right, the question is, will they put in the effort to bypass this security program that is probably only going to get installed on thousands of PCs? I can see them doing this for widely spread software but probably not for something unless it becomes a hit.

  3. Karol December 20, 2016 at 11:33 am #

    Isn't enough using Sandboxie and a firewall with HIPS?

    • DVDRambo December 21, 2016 at 6:01 am #

      Yes. It is enough with today's technology. I've used Sandboxie on six computers for over five years. It has contained all forms of malware that was picked up unknowingly on the web and webmail. When it is locked up, a hard shutdown and restart brings back a clean system. I set Sandboxie to always delete the sandbox, and use ccleaner as a backup cleaner. Sandboxie is awesome, it just has to be used all the time. With the paid version I have Chrome and Opera sandbox automatically. Only Edge really can't be fully Sandboxed.

    • J0J0 December 21, 2016 at 7:30 am #

      Question :
      how does it go exactly, with 'sandboxie' (haven'tused such b4) I just install i, then choose to run chrome/ff on it and it'll basically provide me that desired safe environment?
      Does it affect performance, at all??
      I already got slowness issues due to old & low specs, can't afford anymore slowness on my pc :l
      thanks!
      Other than that, i do use common sense as much as possible =)

  4. J0J0 December 20, 2016 at 12:07 pm #

    Am I dreaming, or did my comment accidently [] vaporize? =l

  5. clas December 20, 2016 at 2:17 pm #

    hi martin. as much as i like the premise of this program, after reading its disclaimers, i find that it is constantly connected in real time to its own servers monitoring my computer. to me that seems like its a spyware itself...watching everything i do and recording it. so for now, until i learn more about it, i will stick with the standard stuff, always sandboxed and somewhat reasonable in what i do.
    as always, thanks for the info. clas

  6. Haakon December 20, 2016 at 7:14 pm #

    I'm not seeing the "constantly connected" reported by clas.

    Every ten minutes cybereasonservicehost.exe connects for a 4.5kb exchange to s3-1.amazonaws.com or an IP in Amazon's 52.192.0.0/11 and 54.230.0.0/15 CIDRs. (Remote points may differ depending on user local.)

    • My concern is Cybereason's use of two unsigned Amazon libraries, AWSSDK.S3.dll and AWSSDK.Core.dll. And RestSharp.dll from the "RestSharp Community," also unsigned.

    Otherwise, a wait-and-see on my Win10 test box.

    Looks promising if it can play well with others in a primary/layered schema (i.e. with Bitdefender Internet Security and WinPatrol WAR.)

    Thanks Martin!

    • Haakon December 20, 2016 at 8:39 pm #

      Forgot to mention: Cybereasons' libraries are signed SHA-1 but FWIW Symantec.

  7. Av-Gurus December 21, 2016 at 12:10 am #

    Doesn't protect others drive then C:
    Tested that and files on drive D: get encrypted.

  8. Peter O December 21, 2016 at 5:25 am #

    Not a sufficiently well researched article on this new program to persuade us that it's genuinely effective & safe compared to other options.

  9. Adrian Kentleton December 31, 2016 at 12:10 pm #

    I am concerned it is regularly connecting to the internet. Why? Will it not work unless that is allowed? I have blocked it via my firewall.

  10. Marc Soersken January 20, 2017 at 12:39 pm #

    We're using this software on our server to
    detect and block ransomware.
    The tool is freeware and available in german and english.
    You'll find it here. Needs .net 3.5

    http://litschi.de/edv-service/software-2/ranosom

Leave a Reply