Today Malwarebytes announced their latest security offering, called Malwarebytes Anti-Ransomware. Malwarebytes Anti-Ransomware, or MBARW for short, is currently in beta and is a small utility that runs in the background while quietly monitoring the computer for behavior associated with file-encrypting ransomware. When it detects such behavior, it automatically blocks the thread from encrypting your data, quarantines the executable, and alerts you that something was detected.

Malwarebytes Anti-Ransomware is currently being released as a free standalone product that anyone can use to protect their computer. With ransomware being one of the biggest computer security threats currently affecting users, a tool dedicated to its prevention is a welcome one.

Malwarebytes feels the same way. According to Nathan Scott, the lead technical developer of Malwarebytes Anti-Ransomware, "I'm thrilled with the release of this application as it has finally brought together all of the ideas from our top developers who sought one common goal; to stop victims from getting infected by Ransomware. We want to make ransomware a thing of the past and this application is going to get us much closer to that day."

On release, I tested this product against ransomware samples such as the heavy hitters TeslaCrypt and CryptoWall as well as smaller ones like Magic Ransomware and LeChiffre. Knowing this was a beta and expecting bugs, I was pleasantly surprised that Malwarebytes Anti-Ransomware did a great job stopping threads that were trying to encrypt the files on my test computer. On each test it terminated the threads or processes, quarantined the associated executables, and issued a detection alert notifying me of the threat.

Ransomware Detection Alert

Though Malwarebytes Anti-Ransomware did a terrific job protecting the test computer, I did notice that on the smaller ransomware infections such as LeChiffre and Magic, one or two files were encrypted before MBARW kicked in and blocked the encryption thread. Also MBARW currently allows other ransomware actions such as removing shadow volume copies and creating ransom notes to occur. Finally, Malwarebytes Anti-Ransomware is currently labeling all detected ransomware as Malware.Ransom.Agent.Generic rather than more descriptive names that help identify the particular family the infection belongs to. 

Quarantine Screen

According to Nathan Scott, "This version of Malwarebytes Anti-Ransomware is focused on stopping the ransomware at all costs and eliminating any false positives. The next beta version will have a stronger focus on preventing ransomware actions such as shadow volume manipulation, the creation of ransom notes, and to properly identify the ransomware families."

Without a doubt, Malwarebytes Anti-Ransomware Beta makes a strong debut with its ability to stop ransomware from encrypting your data. Along with other products such as Emsisoft Anti-Malware's Behavior Blocker and SurfRight's HitmanPro.Alert, Malwarebytes Anti-Ransomware provides strong protection against current and future ransomware threats.

For those who want to help beta test this product, we have set up a dedicated Malwarebytes Anti-Ransomware topic where you can ask questions and leave feedback for the developers. Also, Malwarebytes has set up a dedicated forum where you can post feedback regarding the product.
