
What about dedicated Anti-Ransomware products?


4 replies to this topic

#1 Slaheddine_Djait

  • Members
  • 2 posts
  • Gender: Male

Posted 31 January 2018 - 11:32 AM

What do you think about dedicated Anti-Ransomware products like Malwarebytes Anti-Ransomware Beta, Cybereason RansomFree, ZoneAlarm Anti-Ransomware, Kaspersky Anti-Ransomware, etc.?

Are these products mature enough? Are they effective? Can they be recommended for businesses?





#2 quietman7

  • Bleepin' Janitor
  • Global Moderator
  • 51,287 posts
  • Gender: Male
  • Location: Virginia, USA

Posted 31 January 2018 - 12:55 PM

You should use an Anti-Exploit program to help protect your computer from zero-day attacks and rely on behavior detection programs rather than standard anti-virus definition (signature) detection software only. This means using programs that can detect when malware is in the act of modifying/encrypting files AND stop it, rather than just detecting the malicious file itself, which in most cases is not immediately detected by anti-virus software.
 
I keep an updated list of ransomware prevention tools (Post #2) in this topic. Be sure to read the Important Note below the list.

To protect against ransomware, I use the following:

I also use Emsisoft Anti-Malware which includes exploit protection. Emsisoft's Behavior Blocker is effective against unknown zero-day attacks, file-less malware that resides only in memory, zombies (the hijacking of host processes to load malicious code which execute via script parser programs), and file-encrypting malware (ransomware) attacks. With the release of v2017.5, Emsisoft now has a separate Anti-Ransomware module.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

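Added example (not part of the original posts, and not the implementation of any product named in this thread): a minimal sketch of the behavior-detection idea described in post #2, flagging a process by what it does to files rather than by a signature. The thresholds, process names, paths and event records are constructed assumptions.

```python
import math
from collections import Counter, defaultdict, deque
from hashlib import shake_256

ENTROPY_MIN = 7.5   # bits per byte; encrypted or compressed data sits near 8
FILES_MIN = 5       # distinct files rewritten ...
WINDOW_S = 10.0     # ... within this many seconds (all three are assumed values)

def entropy(data: bytes) -> float:
    """Shannon entropy of a buffer in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect(events):
    """Return {process: alert time} for processes that rewrite FILES_MIN
    distinct files with high-entropy content inside WINDOW_S seconds."""
    recent = defaultdict(deque)   # process -> (time, path) of suspicious writes
    alerts = {}
    for ts, proc, path, data in sorted(events, key=lambda e: e[0]):
        if proc in alerts or entropy(data) < ENTROPY_MIN:
            continue
        q = recent[proc]
        q.append((ts, path))
        while ts - q[0][0] > WINDOW_S:   # drop writes older than the window
            q.popleft()
        if len({p for _, p in q}) >= FILES_MIN:
            alerts[proc] = ts     # a real product would suspend the process here
    return alerts

def noise(seed: str, size: int = 4096) -> bytes:
    """Deterministic random-looking bytes standing in for ciphertext."""
    return shake_256(seed.encode()).digest(size)

# Constructed events: (seconds, process, path, bytes written)
TEXT = b"Quarterly report draft, revision 3.\n" * 100
EVENTS = [(0.5, "editor.exe", "C:/docs/report.txt", TEXT),
          (1.0, "backup.exe", "D:/backup/docs.zip", noise("zip"))]
EVENTS += [(2.0 + i * 0.4, "unknown.exe", f"C:/docs/file{i}.docx", noise(str(i)))
           for i in range(8)]
# Same high-entropy writes, but one file per minute: stays under the rate limit
EVENTS += [(100 + 60 * i, "sync.exe", f"C:/sync/part{i}.bin", noise(f"s{i}"))
           for i in range(6)]

if __name__ == "__main__":
    print(detect(EVENTS))
```

Entropy alone would also flag the backup and sync writes, which is why the sketch requires many distinct files from one process in a short window before alerting.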

#3 midimusicman79

  • Members
  • 618 posts
  • Gender: Male
  • Location: Norway

Posted 01 February 2018 - 11:48 AM

Hi, Slaheddine_Djait!

Gradually, as more and more Anti-Virus and Anti-Malware vendors add Anti-Ransomware and Anti-Exploit protection functionalities/modules to their security software, dedicated/stand-alone Anti-Ransomware products may become redundant.

Regards,
midimusicman79

Edited by midimusicman79, 02 February 2018 - 11:37 AM.

MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free and Unchecky, WFW, FFQ with uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.


#4 SaraDominus

  • Members
  • 12 posts
  • Gender: Female

Posted 12 February 2018 - 09:15 AM

If ransomware gets past your antivirus, chances are good that within a short while an antivirus update will clear the attacker from your system. The problem is, of course, that removing the ransomware itself doesn't get your files back. The only reliable guarantee of recovery is maintaining a hardened cloud backup of your important files.
 
Even so, there's a faint chance of recovery, depending on which ransomware strain encrypted your files. If your antivirus gives you a name, that's a great help. Many antivirus vendors, among them Kaspersky, Trend Micro, and Avast, maintain a collection of one-off decryption utilities. In some cases, the utility needs the unencrypted original of a single encrypted file to put things right. In other cases, such as TeslaCrypt, a master decryption key is available.


#5 quietman7

  • Bleepin' Janitor
  • Global Moderator
  • 51,287 posts
  • Gender: Male
  • Location: Virginia, USA

Posted 12 February 2018 - 01:54 PM

That's why folks need to use an Anti-Exploit program and rely on behavior detection programs rather than standard anti-virus definition (signature) detection software only.

Whether you can recover (decrypt) your files or not depends on what ransomware infection you are dealing with, the type of encryption used by the malware writers and a variety of other factors. All crypto malware ransomware use some form of encryption algorithm; most of them are secure, but others are not. The possibility of decryption depends on the thoroughness of the malware creator, what algorithm the creator utilized for encryption, discovery of any flaws and sometimes just plain luck. Newer ransomware variants use a public and private key system where the public key is used to encrypt and the private key is used to decrypt. The private key is stored on a central server maintained by the cyber-criminals and not available unless the victim pays the ransom or at some point, law enforcement authorities arrest the criminals...seize the C2 server and release the private RSA decryption keys to the public. In some cases, the cyber-criminals, for whatever reason, choose to release the master keys after a period of time, but that too is not a guarantee.



