RansomFree Is the Latest App That Tries to Stop Ransomware Infections on Windows

KNOWLEDGE BELONGS TO THE WORLD
Share on FacebookTweet about this on TwitterShare on LinkedInShare on RedditShare on Google+Share on TumblrPin on PinterestDigg this

The team at Cybereason released today a new tool that tries to help users stay safe from ransomware infections. Named RansomFree, this application can help users of Windows 7, 8 and 10, and Windows Server 2010 R2 and 2008 R2 PCs.

According to a test performed by Bleeping Computer’s Lawrence Abrams, under the hood RansomFree works by creating randomly-named folders throughout the filesystem that act as honeypots.

These folder names start with characters like ~ or ! because they are low on the ASCII table and thus will be scanned first by ransomware.

A list of files RansomFree detected as targeted by an encryption process

A list of files RansomFree detected as targeted by an encryption-heavy process (possibly ransomware)

RansomFree monitors these files, and whenever they change, it detects the originating process and pauses it.

At this stage, RansomFree also shows a prompt, asking the user if he wants to stop the source process, or allow it to continue to execute.

RansomFree stopping the Locky (Osiris variant) ransomware

RansomFree stopping the Locky (Osiris variant) ransomware

In a limited set of tests carried out by Bleeping Computer, RansomFree stopped the latest version of Locky (Osiris), Cerber, and Globe.

According to CyberReason, RansomFree also includes behavioral detections, but it is unsure if this is the same detection process that is described above.  CyberReason has stated that it can handle more than 40 different ransomware strains, including Locky, Cryptowall, TeslaCrypt, Jigsaw, Cerber, and others.

RansomFree stopping the Cerber ransomware

RansomFree stopping the Cerber ransomware
RansomFree stopping the Globe ransomware

RansomFree stopping the Globe ransomware

CyberReason says that RansomFree can detect when an abnormal encryption-heavy process starts (specific to ransomware families), on both the local computer and on shared and/or network drives.

The downside is that RansomFree needs a short amount of time to detect the start of the encryption operations. This means that a few of your files will be encrypted before RansomFree detects anything wrong.

Locky managed to encrypt a few files

Locky managed to encrypt a few files

Despite this, many users would happily sacrifice a few files if they can save the rest. However, the best course of staying safe from ransomware is to complement RansomFree with a solid computer backup policy.

RansomFree falls in the same category of anti-ransomware tools (called vaccines) as Malwarebytes’ Anti-Ransomware (formerly Nathan Scott’s CryptoMonitor), Bitdefender’s Anti-Ransomware Tool, Kaspersky Labs’ Anti-Ransomware Tool for Business, and Sean Williams’ Cryptostalker (for Linux only).

Below is a demo video of RansomFree in action, provided by Cybereason.

Source:https://www.bleepingcomputer.com/

KNOWLEDGE BELONGS TO THE WORLD
Share on FacebookTweet about this on TwitterShare on LinkedInShare on RedditShare on Google+Share on TumblrPin on PinterestDigg this