Detect Outlook Ransomware emails with RansomSaver
RansomSaver is an add-in for Microsoft's Outlook messaging software that detects and protects against ransomware emails.
Email is one of the main attack vectors of ransomware attacks. While there are other means of distribution, email is still a lucrative option considering that attackers may send emails to millions of users in a short period of time.
It does not help either that a lot of computer users are still undiscerning when it comes to email security. If all users would be very careful in regards to links and file attachments, the overall situation would be much brighter in regards to computer security, hacked accounts and botnets.
RansomSaver is an add-in for Microsoft Outlook. The add-on is compatible with all 32-bit and 64-bit versions of Microsoft Outlook starting with Outlook 2007 and including Outlook 2016 and Outlook for Office 365. It runs on all systems newer than Windows XP.
The application is installed as an Outlook add-in which means that it is integrated into Outlook automatically when you install it. It works out of the box, and comes with a handful of options on top of that.
The program's main function is a scan for ransomware. It checks emails that you select for ransomware attachments, and may delete the entire message or only the attachment.
The add-in moves the emails to a special folder called RansomSaver that it creates as a child folder of deleted items in Outlook.
It is unclear from the description on the developer website how the add-in determines whether an attachment is potentially malicious or not. The FAQ lists extensions that RansomSaver considers suspicious.
The options that the program supports are simple: you may enable or disable the removing of attachments and/or emails, disable the scan functionality until the next Outlook start, and disable the scanning of the deleted items folder of Outlook.
Options are accessible from the add-in's toolbar. There you find options to scan existing folders for ransomware attachments and a link to the incident log as well.
Here is a short video that highlights the add-in's functionality:
RansomSaver serves two main purposes: to detect potential threats when users open emails, and to scan all existing emails for threats. Experienced users won't have much use for it, at least not when it comes to their own systems, but it may protect inexperienced users from executing file attachments on their devices.
The first thing I do when I receive an email from an unknown source is to hit CTRL+U to load the headers and determine where it came from and where any links will take me. Anything suspicious gets trashed immediately.