Outmaneuver Ransomware Threats and Keep Data Safe

Ransomware made a huge splash in 2016. There’s no denying the motivation here: Money—as in virtually untraceable, digital cryptocurrency—has made this segment of the security realm nearly unstoppable. And if it continues to grow as projected, its reach will extend to more and more users, bringing in tens of millions of dollars for threat actors wishing to cash in on the epidemic.

So what does this mean for your data if it’s something that can’t be stopped? Well, many of the best practices still apply. For instance, staying up to date on system and application patches, rolling out modern antivirus with malware protection that is both updated and actively running in the background, and performing multiple scheduled backups are good computing habits. Of course, staying clear of questionable websites and not clicking on links or attachments sent to you via email, social media, or just about anywhere are excellent safety guidelines to practice too.

But even with all that, you’re still susceptible to data compromise. So what’s next? Well, next might be RansomFree. This proactive ransomware detection application watches your computer for files being accessed and monitors their interaction closely to determine whether encryption is taking place. Using behavioral detection techniques, if RansomFree determines the behavior being displayed to be ransomware, it immediately halts the process and flags it, creating an alert onscreen. At that point, the user must authorize the process before it will proceed, according to RansomFree’s developer.

How does it do it?

The secret to RansomFree’s success is not in signature files like those used by antivirus applications, but rather in how it detects ransomware-like behavior (e.g., the local encryption of user data). This makes the application good at doing its job, since all ransomware thus far has displayed the same characteristics regardless of its payload. Whether the attack is a Trojan, vulnerability exploit, or malicious code (aka file-less ransomware), RansomFree is designed to watch how the file(s) interact with the system and bring the process to an immediate halt once the behavior is classified as a threat, holding it there until the user intervenes.

While testing this application myself, I did find evidence of false positives being detected when using some 3rd-party software. However, it stands to reason that this is a real possibility, given that some applications offer the ability to encrypt the single files they use, or are themselves 3rd-party encryption applications, as was my specific case. Either way, that would appear to me to be a small price to pay to avoid going through the removal and data recovery process in cleaning up a ransomware infection—or having to pay to get your data back and waste all the time that takes to complete.
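The behavioral approach described above, and the false-positive case that follows from it, can be sketched as an added example (not RansomFree's code and not from the original article): a monitor halts any process that rewrites several readable files with near-random content within a short window, and lets the user authorize a known encryption tool. The page does not say which heuristics RansomFree uses; the entropy test, thresholds, class name and process names here are assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "looks encrypted"
MAX_FILES = 3            # assumed: distinct files rewritten before halting
WINDOW_SECONDS = 10.0    # assumed sliding window

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class BehaviorMonitor:
    def __init__(self, authorized=()):
        self.authorized = set(authorized)  # processes the user has approved
        self.recent = defaultdict(list)    # process -> [(time, path)] suspicious rewrites
        self.halted = set()

    def on_write(self, ts, process, path, before, after):
        """Return 'allow' or 'halt' for one file-rewrite event."""
        if process in self.authorized:
            return "allow"
        if process in self.halted:
            return "halt"
        # Suspicious: readable content replaced by near-random bytes.
        if shannon_entropy(before) < ENTROPY_THRESHOLD <= shannon_entropy(after):
            hits = [(t, p) for t, p in self.recent[process] if ts - t <= WINDOW_SECONDS]
            hits.append((ts, path))
            self.recent[process] = hits
            if len({p for _, p in hits}) >= MAX_FILES:
                self.halted.add(process)  # stays halted until the user decides
                return "halt"
        return "allow"

    def authorize(self, process):
        """User confirms a flagged process, e.g. a legitimate encryption tool."""
        self.halted.discard(process)
        self.authorized.add(process)

# Constructed sample data: repetitive text, and SHA-256 output as a ciphertext stand-in.
PLAIN = b"Quarterly report: revenue, costs and notes.\n" * 100
NOISE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))

def demo():
    mon = BehaviorMonitor()
    bulk = [mon.on_write(t, "unknown.exe", f"doc{t}.txt", PLAIN, NOISE) for t in range(4)]
    edit = mon.on_write(5, "editor.exe", "notes.txt", PLAIN, PLAIN + b"more\n")
    return bulk, edit
```

Files that are already compressed or encrypted start above the threshold, so this heuristic alone never flags rewrites of them.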

RansomFree worked as advertised. It’s also small and runs largely in the background, checking processes for malicious activity. And did I mention that it’s free? Not for a trial period or pending an ongoing subscription, but as in free for personal and commercial use on both client and server versions of Windows operating systems. There’s really no excuse not to give it a shot and let it work to stop a possible ransomware infection from occurring like it did in my tests. If you’re not targeted, you’d never know it was there—but isn’t it great peace of mind to have it on your side in the event of a breach? I think so. That’s why I’ve added it to my “fleet” of go-to software apps and installed it on all my personal and commercial computers and servers.

 
