RansomFree – Ransomware prevention?

2017 February 24

Cybereason has released a real-time ransomware detection program called RansomFree.  The free software for Windows 7 to 10, the company claims, can spot most strains of ransomware before it starts encrypting files, alerting the user to take action.

From their website, “Cybereason’s mission is to put an end to cyber crime. And in order to put an end to one of the most profitable cyber operations of the recent years – ransomware – we have to make it unprofitable for the criminals. That’s why we are launching RansomFree: free, easy-to-install ransomware protection software, available for download for every individual and business that lacks the budget and skills to fight back.

RansomFree uses “behavioral and proprietary deception techniques” to detect ransomware strains in action. Users receive a pop-up notification when ransomware has been found on their computer and is trying to encrypt files. The user can then decide to take action.

Digital Trends reports “When ransomware is detected, RansomFree presents the user with a list of any files that may have been encrypted,” said Uri Sternfield, senior security researcher.

“RansomFree relies on the common denominator of all ransomware, no matter their distribution or method of operation — they all need to search for target files on the local drives and encrypt them. By anticipating these common patterns, RansomFree can bait ransomware to expose their intentions and accurately detect them before they are able to fully achieve their malicious goal.”

Ransomware is big business.  Symantec’s latest ransomware report notes that traditional virus vectors are quickly being replaced by crypto-ransomware.  The percentage of new families of misleading apps, fake anti-virus are near zero for 2016, replaced almost entirely by ransomware.

Clearswift has some crazy stats on the topic:

  • 2,500 cases of ransomware costing victims $24 million in the US alone were reported to the Internet Crime Complaint Center for 2015 (Turkel, 2016)
  • 500+ malware evasion behaviors are being tracked by researchers used to bypass detection (Kruegel, 2015)
  • 10 is the average number of evasion techniques used per malware sample (Kruegel, 2015)
  • 97% of malware is unique to a specific endpoint, rendering signature-based security virtually useless (Webroot, 2015)
  • 15% of new files are malicious executables (Webroot, 2015)
  • 98% of Microsoft Office-targeted threats use macros (Microsoft , 2016)
  • 600%+ increase in attachment-based vs. URL delivered malware attacks from mid 2014 to 2015 (Proofpoint, 2015)
  • 50% increase in email attacks where macros are the method of infection (Tim Gurganus, 2015)
  • 390,000 malicious programs are registered every day by AV-Test Institute (AV-TEST, 2016)
  • 19.2% potential increase of detecting malware simply by adding a 2nd AV to your existing email security, while structural sanitization can help eliminate macro malware threats (Clearswift, 2016)

I’m testing RansomFree – I hope it’s as good as advertised.  At least until the crypto-guys come up with a new way to encrypt data that RansomFree doesn’t detect…..

Add to Del.cio.us RSS Feed Add to Technorati Favorites Stumble It! Digg It!

Comments are closed.