In 2016, ransomware cost individuals and business over $1 billion and has been the fastest growing cyber threat. The Madison County ransomware attack on November 4th saw Indiana spend about $200,000 on recovery. Attacks have not been restricted to just large organizations, but individuals as well. Ransomware encrypts files including documents, photos, music, emails, etc. It uses an encryption key known only to its operators. In order to unlock these files, ransom must be paid. Most individuals are susceptible to ransomware attacks even if antivirus is installed. Hence, Cybereason has released RansomFree to protect important data from being held, hostage.
What is Ransomware?
It is a type of malicious software designed to block access to a computer system until a sum of money is paid
Read more about Ransomware here: What is Ransomware?
It’s still early days for anti-ransomware software but RansomFree, Cybereason’s behavioral anti-ransomware free tool, believes it is the “only free tool that stops 99% of ransomware strains, including never-before-seen types.” Cybereason researched over 40 ransomware strains, including Locky, Cryptowall, TeslaCrypt, Jigsaw and Cerber and identified behavioral patterns that distinguish a ransomware from legitimate applications. While each ransomware strain was written by different criminal teams, they all exhibit the same low-level file-related behavior. A ransomware tries to encrypt as many files as possible, but it cannot determine which files are important, so it encrypts files based on their extensions.
RansomFree currently supports Windows 7 and up, including Windows Server versions 2008 R2 and 2012.
How RansomFree works
RansomFree is a free download for home users directly from Cybereason’s site. The installation alerts the user that the program placed some specially constructed files on your system that help RansomFree do its job. These files were there to be the “victims” of potential ransomware infections and to slow the malware down. By putting multiple deception methods set as honeypots, RansomFree detects ransomware as soon as encryption occurs on a computer or network drive.
Once encryption is detected, RansomFree flags it for user review. By default, the program suspends a suspicious activity, displays a popup that warns users their files are at risk and enables them to stop the attack, enabling them to permanently quarantine the malware.
RansomFree protects against local encryption as well as the encryption of files on the network or shared drives. This is particularly useful in large organizations with connected data, where infecting one node gives access to infecting the entire network.
Cybereason has also released a demo video of RansomFree in action.
Is there any downside?
The only possible downside to this software is that, since ransomware attacks are random, there are a possibility certain files (though very few) have already been encrypted before the malware is detected. However, Yoel Eilat, a senior product manager with Cybereason feels that for most ransomware strains “RansomFree manages to stop the ransomware even before any file is encrypted.” Should this be the case, RansomFree will be an indispensable asset for business and personal security alike.
While RansomFree promises a 99% protection against ransomware, it is recommended that users keep regular backups. It is also advisable to keep their operating system up-to-date, disable Java and Flash when possible and absolutely avoid downloading programs from shady websites.