We look at the better tools available for identifying, removing or protecting against ransomware.
Ransomware is one of the fastest-growing security threats, and over the last few years it has evolved into one of the most harmful forms of cyber attack. Take the recent GoldenEye and WannaCry ransomware outbreaks, for example. They crippled hundreds of organisations – including Cadbury’s Tasmanian factory, and red light and speed cameras across Victoria – causing widespread disruption around the world.
According to Verizon’s 2017 Data Breach Investigations Report, ransomware increased by 50% compared to last year’s report.
While there are many different types, all kinds of ransomware have one end goal: to prevent you from using your PC normally, asking you to do something before you can use your PC.
Ransomware can target any PC user, whether it’s a home computer, endpoints in an enterprise network, or servers used by a government agency or healthcare provider, and prevent you from accessing Windows. It can also encrypt files so you can't use them, stop certain apps from running (like your web browser), and demand that you pay money to get access to your PC or files. Worst of all, there is no guarantee that paying the fine or doing what the ransomware tells you will give you access to your PC or files again.
To protect your systems against these threats, we strongly recommend a multi-layered strategy, as explained in our ransomware defence guide. If you think you’ve been infected, you need to act fast, following the tips in our ransomware survival guide. And, of course, the better internet security suites generally offer some form of ransomware protection.
Nevertheless, as part of a ransomware strategy and action plan, the following tools and services may be worth considering for inclusion in your anti-ransomware toolkit to help protect your systems, and identify and remove infections.
AVG ransomware decryption tools
AVG's ransomware removal tools aren't available in one neat package, but they're available from the company's website as free downloads in the form of different files to combat multiple ransomware strains.
The tools created by the company rid your computer of some of the most widely known ransomware such as Apocalypse, BadBlock, Bart, Crypt888, Legion, SZFLocker and TeslaCrypt. The common symptoms of each attack have been listed nicely by AVG with a download link so you can remove the malicious program from your computer. This enables you to correctly identify the ransomware and only use the removal tool specific to the threat.
It may not be the most advanced tool in this list, but it is an easy way to rid yourself of specific malware without installing the bigger packages on your machine.
Bitdefender Anti Crypto Vaccine and Anti-Ransomware, Antivirus Plus 2017
Bitdefender’s free vaccine tool can protect against known and possible future versions of crypto-ransomware families, such as CTB-Locker, Locky and TeslaCrypt, by exploiting flaws in their spreading methods. However, keep in mind that it’s simply a protection tool that sits in the system tray and alerts you to potential dangers, not a malware removal tool.
Bitdefender’s commercial products, including Antivirus Plus 2017 ($69.99), offer “enhanced ransomware protection” that enables you to store your most valuable files in special folders, only accessible to trusted applications.
As we’ve previously reported, RansomFree is a free Windows anti-ransomware tool that uses behaviour monitoring to watch your system for ransomware-like actions, detecting and suspending any malicious process once encryption starts.
Cybereason says RansomFree’s detection algorithm is based on analysis of more than 40 ransomware strains. The company claims the tool “protects against 99% of ransomware”, including new strains such as GoldenEye/Petya.
If your files have been scrambled by ransomware, a decrypter may be able to save the day – and, as we’ve previously reported, security vendor Emsisoft now has a download page, a single source where you can download any of its free decrypters.
Emsisoft adds new decrypters to the page as soon as it develops solutions for new threats. At last count there were more than 30 decrypters available.
HitmanPro.Alert turns your computer into an undesirable victim by blocking the core techniques and exploits malware uses to hide from antivirus software.
It also detects crypto-ransomware, simply by observing the behaviours that these threats exhibit. It also makes sandbox-aware malware terminate itself by vaccinating or ‘camouflaging’ your PC as a virus researcher.
HitmanPro.Alert costs US$34.95 a year, and is available as a free 30-day trial.
Just point the site at the file containing the ransom and payment information, or upload a sample encrypted file, for a quick verdict. Armed with the identity of the ransomware, you can then make a more informed decision about what to do next.
Kaspersky anti-ransomware tool
Kaspersky's free anti-ransomware tool aims to protect your system from ransomware attacks and cryptomalware, instead of fixing them when your network is affected. It’s constantly running in the background, which means that as long as you're using your computer it should be protected against unknown threats. It watches for the patterns and behaviour associated with ransomware, so even if it doesn't identify that ransomware is present, it will tell you when things don't seem right.
Kaspersky's tool is compatible with whatever security software you're using. It has been specifically designed with small and medium-sized companies in mind.
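As an added illustration of the behaviour monitoring described for RansomFree, HitmanPro.Alert and Kaspersky's tool (this is not code from this article or from any vendor named here, and not their detection algorithms), the Python example below flags a process that overwrites several distinct files with high-entropy data inside a short time window. The class and function names, the thresholds and the sample events are all assumptions constructed for the example.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class BehaviourMonitor:
    """Flags a pid that rewrites many distinct files with high-entropy data."""
    def __init__(self, window=10.0, max_files=5, entropy_floor=7.2):
        # Assumed thresholds: 5 distinct files within 10 seconds.
        self.window, self.max_files = window, max_files
        self.entropy_floor = entropy_floor
        self.recent = defaultdict(deque)   # pid -> deque of (timestamp, path)
        self.suspended = set()

    def on_write(self, ts, pid, path, data):
        """Return True once pid is over the threshold (or already flagged)."""
        if pid in self.suspended:
            return True
        if shannon_entropy(data) < self.entropy_floor:
            return False                   # ordinary document save
        q = self.recent[pid]
        q.append((ts, path))
        while q and ts - q[0][0] > self.window:
            q.popleft()                    # drop events outside the window
        if len({p for _, p in q}) >= self.max_files:
            self.suspended.add(pid)        # a real agent would suspend the process here
            return True
        return False

def pseudo_ciphertext(seed: str, size=4096) -> bytes:
    """Constructed stand-in for encrypted output: chained SHA-256 blocks."""
    out, block = b"", seed.encode()
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]

def run_demo():
    """Constructed events: pid 100 saves text, pid 200 writes ciphertext-like data."""
    mon = BehaviourMonitor()
    text = b"Quarterly report draft, revision 3.\n" * 100
    for i in range(8):
        mon.on_write(i * 0.5, 100, f"C:/docs/report{i}.txt", text)
        mon.on_write(i * 0.5, 200, f"C:/docs/photo{i}.jpg", pseudo_ciphertext(f"f{i}"))
    return mon.suspended

if __name__ == "__main__":
    print("suspended pids:", run_demo())
```

Entropy alone is not enough, because legitimate archives, images and backup jobs also write high-entropy data; the distinct-file count and time window are what separate a bulk rewrite from normal use, and a real product would add an allowlist for trusted applications.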
Malwarebytes’s Anti-Ransomware tool is now included with its commercial suite, Malwarebytes 3.0, which also features Anti-Malware, Anti-Exploit, Website Protection and Remediation tools. The Anti-Ransomware tool isn’t a decrypter – Malwarebytes says it stops unknown and known ransomware proactively.
As we explained previously, Malwarebytes claims its latest suite can “replace your traditional antivirus, thanks to our innovative and layered approach to preventing malware infections using a healthy combination of proactive and signature-less technologies.” However, for those who prefer not to test that claim, it’s also “compatible with all major antivirus software”.
Microsoft’s free Enhanced Mitigation Experience Toolkit (EMET) helps raise the bar against ransomware attackers by protecting against new and undiscovered threats even before they are formally addressed through security updates or antimalware software.
There are 12 security mitigations in EMET that complement other defence-in-depth security measures, such as Windows Defender and other antivirus software. EMET installs with default protection profiles, which are XML files that contain preconfigured settings for common Microsoft and third-party applications.
Zemana AntiMalware is a second-opinion malware scanner designed to rescue a computer that has been infected by ransomware. It uses cloud-based scanning to reduce detection time for new virus outbreaks and improve scanning performance. So if a sample is detected as malicious, all Zemana users are protected in the future against that specific threat.
There’s a free version, but you’ll need to purchase Zemana’s Premium version (US$32.95 per year) for the anti-ransomware tools that include a “cloud reputation system” to check for unknown binaries and cloud-based sandbox technology that analyses suspicious files.
This feature includes reviews that originally appeared at IT Pro.