The Best Ransomware Protection Deals This Week*
*Deals are selected by our commerce team
The hot war in Ukraine dominates the news, but drone strikes and mortar bombardments aren’t the only attacks going on. Police there recently busted a ransomware gang whose attacks spanned the globe. You won’t need first aid after a ransomware attack, but your business may take a serious hit. Your personal documents, photos, and videos are at risk too. What can you do? Start by making sure your antivirus includes protection against ransomware. Then, consider adding software with no purpose other than ransomware defense.Read on for our reviews of the top tools you can use to protect yourself from ransomware. After that, we’ll dive deeper into what ransomware is, as well as what to look for in deciding the right protection for you.
Deeper Dive: Our Top Tested Picks
Bitdefender Antivirus Plus
Best for Multi-Layered Ransomware Protection
Why We Picked ItBitdefender Antivirus Plus is a top choice for general-purpose malware protection, with consistently excellent scores from the independent testing labs and top scores in most of our hands-on tests. Among the many security bonuses that justify the “Plus” in its name is a multi-layered system of ransomware detection and remediation. If the behavior-based detection system gets any hint of a problem, the remediation system makes secure backups of important files.Bitdefender’s real-time malware protection wiped out all my ransomware samples, so I turned off that protective component and tried again. In hands-on testing with from-the-wild samples, Bitdefender detected every single file-encrypting ransomware threat. It did miss one sample designed to encrypt the whole disk, but remember—that sample only got a chance to run because I turned off the regular antivirus.Who It’s ForDoes installing a separate ransomware protection program seem like an imposition? Do you feel like an antivirus utility should simply take care of the problem? Bitdefender Antivirus Plus is just what you need, combining an award-winning antivirus engine, a set of features specifically aimed at ransomware protection, and a boatload of security bonus features.
PROS
Perfect scores in independent lab tests
Excellent defense against fraudulent and malicious sites
Multi-layered ransomware protection
Isolated browser for banking safety
Prevents advertisers from tracking you
Many security-centered bonus features
CONS
Unlimited VPN access requires a separate subscription
Slow first full scan
SPECS
Name
Value
Protection Type
Antivirus
Ransomware Behavior Detection
Prevent File Modification
Prevent All File Access
Recover Files
Vaccination
Learn More
Bitdefender Antivirus Plus Review
Webroot AntiVirus
Best for Reversing Ransomware Effects
Why We Picked ItWebroot AntiVirus doesn’t work like most antivirus tools. Oh, it does wipe out malicious programs that it recognizes, and it sends known valid programs on their way with a pat on the head. But when it encounters an unknown program, it virtualizes and journals any system changes by the program, prevents any irreversible actions (such as sending your data to an unknown server), and sends telemetry to the big Webroot brain in the cloud. If the cloud returns a guilty verdict, Webroot wipes out the malicious program and rolls back all its actions.On the one hand, this emphasis on cloud analysis means Webroot is the tiniest antivirus around in terms of disk space used, and its scans run very quickly. On the other hand, the fact that it can take a while to get a judgment on an unknown program means it’s not compatible with most third-party tests.Webroot quickly eliminated all my ransomware samples. The only way I could test its protection was to create new, never-before-seen modified versions of those samples. Some of the modified files just didn’t perform, perhaps due to internal integrity checks. Webroot caught most of the rest, wiping out the ransomware and restoring encrypted files.Who It’s ForLike Bitdefender, Webroot is an antivirus with ransomware protection built in, so you don’t have to layer on separate ransomware protection. Its small size and speedy scans will appeal to those with a preference for efficiency.
PROS
Fast scan, tiny size
Light on system resources
Can remediate ransomware damage
Advanced features
CONS
No longer offers remote monitoring and configuration
Imperfect protection against hand-modified ransomware
Limited lab test results
Advanced features require uncommon expertise
No volume discount
Firewall settings can be confusing
SPECS
Name
Value
Protection Type
Antivirus
Ransomware Behavior Detection
Prevent File Modification
Prevent All File Access
Recover Files
Vaccination
Learn More
Webroot AntiVirus Review
Acronis Cyber Protect Home Office
Best for Ransomware File Recovery
Why We Picked ItIn a very real way, backup is the ultimate security, and backup is the main function of Acronis Cyber Protect Home Office. Ransomware creators know this, and some design their nasty programs to attack both local files and backups—but Acronis actively prevents such attacks. In addition, it has its own malware and ransomware protection components built in.Acronis isn’t an antivirus product, so it’s no surprise that the antivirus testing labs don’t include it. Its antivirus component earned a range of scores in our hands-on tests, from mediocre to excellent. To test ransomware protection, I turned off the usual real-time antivirus before releasing ransomware samples. The ransomware-specific detection layer caught all the samples and restored all affected files, pulling clean copies from backup as necessary.Who It’s ForIf your documents are of utmost importance and you don’t want to take even the slightest chance that ransomware might take them from you, Acronis is a great choice. Behind everything else it does to keep your files safe, there’s the ultimate security of a full backup.
PROS
More backup tools than any other app
Local and cloud backup options
Full disk image backup and restore
Includes file syncing
Protects against ransomware and malicious URLs
CONS
Some cutting-edge technology may be risky to use
Cloud backup and sync never happened on one test system
SPECS
Name
Value
Protection Type
Online Backup
Ransomware Behavior Detection
Prevent File Modification
Prevent All File Access
Recover Files
Vaccination
Learn More
Acronis Cyber Protect Home Office Review
Check Point ZoneAlarm Anti-Ransomware
Best for Dedicated Ransomware Protection
Why We Picked ItA few years ago, dedicated ransomware protection seemed like an up-and-coming security category. Check Point ZoneAlarm Anti-Ransomware was one of almost a dozen such products. Fast forward to today and most competitors are gone, but ZoneAlarm soldiers on. Speaking of soldiering on, part of ZoneAlarm’s behavioral detection strategy involves strewing “bait” files around your system as cannon fodder, hoping they’ll take any ransomware hits instead of your valuable files.ZoneAlarm’s antivirus component includes some elements of ransomware protection, enough that I had to disable the antivirus portion before I could directly test the ransomware system. In testing, ZoneAlarm detected all my file-encrypting ransomware samples and recovered most affected files. One ransomware sample encrypted all the other samples—ZoneAlarm didn’t recover those, but then, executable files aren’t the usual target for ransomware.Who It’s ForSay you’re perfectly happy with your existing choice of antivirus or security suites, but you’re not entirely sure how well it would protect against ransomware. Add ZoneAlarm to your arsenal and you have all bases covered.
PROS
Successfully detects real-world ransomware attacks
Restores files affected by ransomware
Includes some antivirus features
CONS
Routinely allows (and then reverses) file encryption
Did not recover all files in testing
SPECS
Name
Value
Protection Type
Ransomware Protection
Ransomware Behavior Detection
Prevent File Modification
Prevent All File Access
Recover Files
Vaccination
Learn More
Check Point ZoneAlarm Anti-Ransomware Review
NeuShield Data Sentinel
Best for Cautious Users
Why We Picked ItSystems that rely on detecting ransomware behavior can potentially be fooled by the latest, cleverest attacks, leaving you defenseless. NeuShield Data Sentinel doesn’t even try to detect an attack—hey, the ransomware will announce itself with a ransom note. This unusual product focuses on recovering from a ransomware attack. Its One-Click Restore resets your Windows installation to a safe, malware-free configuration on reboot. After wiping out the threat you Revert protected files such as documents and pictures to a clean version saved by the program.It’s true that One-Click Restore eliminates any files installed today along with the ransomware, and Revert may lose changes and edits that you made today. But losing a few changes is a lot less worrisome than losing all your important files.In testing, Data Sentinel handled every file-encrypting ransomware attack I threw at it. In some cases, ancillary files like .CAB files and logs remained encrypted, but the system didn’t exhibit any problems. Note that Data Sentinel includes special handling for disk-encrypting ransomware, and its remote control console can handle screen locker ransomware.Who It’s ForYou’re a realist. You know that software isn’t perfect. Rather than hoping a behavior-based ransomware detector never misses, you plan for the worst, choosing a solution that can undo the attack. Right? Then NeuShield Data Sentinel is just what you’re looking for.
PROS
Reverses changes made by file-encrypting ransomware
Proved effective in hands-on testing
Blocks actions of disk-encrypting ransomware
Remote recovery breaks hold of screen-locking ransomware
Multi-factor authentication available for settings
CONS
Recovery discards changes made on the current day
Some low-importance files not recovered
SPECS
Name
Value
Protection Type
Ransomware Protection
Ransomware Behavior Detection
Prevent File Modification
Prevent All File Access
Recover Files
Vaccination
Learn More
NeuShield Data Sentinel Review
Sophos Home Premium
Best for Protecting Family Members
Why We Picked ItIn the world of enterprise security, users don’t control their antivirus—it’s all done by the IT Security team, remotely. Sophos Home Premium brings that kind of remote control to consumers. You can install it on PCs or Macs belonging to your friends and family, and handle all configuration and problems remotely. No more driving across town to fix your grandparent’s PC! Best of all, this versatile, inexpensive product includes strong protection against ransomware.Only one of the labs I follow has tested Sophos recently, but SE Labs certified it at the tip-top AAA level. It earned perfect scores in our malware protection and malicious URL detection tests. Better still, even with regular antivirus protection disabled, the ransomware behavior detection system caught all but one of a dozen ransomware samples, and that one escaped only because it did not do anything. With no behavior, there’s no behavior-based detection.Who It’s ForYou love your family…and they love to call you when they hit a tech snag. Once you protect them all with Sophos Home Premium, you can handle any problems without ever leaving your Fortress of Solitude.
PROS
Excellent scores in some of our hands-on tests
Effective ransomware protection
Remotely manages up to 10 PCs or Macs
Inexpensive
CONS
Limited results from testing labs
Ineffective parental control
No longer offers mobile management or keylogger protection
Advanced features require uncommon tech expertise
SPECS
Name
Value
Protection Type
Antivirus
Ransomware Behavior Detection
Prevent File Modification
Prevent All File Access
Recover Files
Vaccination
Learn More
Sophos Home Premium Review
Data443 Ransomware Recovery Manager
Best for Inexpensive Protection
Why We Picked ItWith Data443 Ransomware Remediation Manager, every reboot puts your computer back in a safe, ransomware-free state. If it detects active ransomware, it immediately reboots the system. It maintains protected copies of files in special folders such as Documents and Pictures, using them to remediate any damage done by the ransomware before the fateful reboot. It detected and eliminated all our real-world ransomware samples in testing, though file recovery wasn’t always perfect. And at $8.99 per year it has the lowest price of any product in this roundup.Who It’s ForYou have to adjust your habits a bit for this product. For example, you must turn it off during all program and Windows updates, else rebooting would revert to pre-update status. But once you get used to it, it’s an effective and inexpensive addition to your ransomware-busting arsenal.
PROS
Restores your PC to a clean, malware-free state on reboot
Exempts personal folders from being wiped
Restores files encrypted by ransomware
Basic antivirus included
Inexpensive
CONS
Didn’t recover all files in testing
Defeated by one real-world ransomware sample
Malware can act freely until eliminated by reboot
Limited Antivirus features
SPECS
Name
Value
Protection Type
Ransomware Protection
Ransomware Behavior Detection
Prevent File Modification
Prevent All File Access
Recover Files
Vaccination
Learn More
Data443 Ransomware Recovery Manager Review
Panda Dome Advanced
Best for Complete File Protection
Why We Picked ItLaunch Panda Dome Advanced and you’re greeted with a soothing nature scene as the background for your security features. It’s a pleasant change from the common stark white or dark gray backgrounds. This is a full security suite, with antivirus, firewall, limited VPN, USB Vaccination, application allow-listing, a network scanner, simple parental control, and more. The suite didn’t do so well in my hands-on tests; overall it doesn’t compare to the best competitors. However, the Windows-only ransomware protection system stands out.Many security products defend against ransomware by blocking all unauthorized changes to files in protected folders. When an unknown program tried to tweak a file, you get a warning, usually with an opportunity to trust or block access. Panda takes this protection to the next level, blocking all access to protected files. An unauthorized program can’t even look at your files. In testing, I confirmed that it works, both with unknown file-editing programs and with real-world ransomware.Who It’s ForSome ransomware crews devise a double-edged attack. If you don’t pay the ransom, they won’t decrypt the files, but they also threaten the public release of those sensitive files. Sure, you’ll get your data back, but so will the rest of the world. If this thought alarms you, if having your files exposed would damage you as much as merely having them locked away, then Panda’s total hands-off protection system may be just what you need.
PROS
Enhanced ransomware protection
Includes firewall, parental control, and VPN
Supports Windows, macOS, and Android
Calm, nature-themed user interface
CONS
Poor scores against dangerous and fraudulent websites
Mediocre malware protection score
Parental control is limited to content filtering
No added features for macOS and Android
SPECS
Name
Value
Protection Type
Security Suite
Ransomware Behavior Detection
Prevent File Modification
Prevent All File Access
Recover Files
Vaccination
Learn More
Panda Dome Advanced Review
Buying Guide: The Best Ransomware Protection for 2024
What Isn’t Here?In addition, this article looks specifically at ransomware protection solutions that are available to consumers. There’s no point in including the free, one-off decryption tools since the tool you need depends on which ransomware has encrypted your files. Better to prevent the attack in the first place.CryptoPrevent Premium, created when CryptoLocker was new, promised several levels of behavior-based ransomware protection. However, at the top security level, it inundated the desktop with bait files, and even at this level, several real-world samples slipped past its detection. We can’t recommend this tool in its current form.We’ve also omitted ransomware solutions aimed at big business, which typically require central management or even a dedicated server. Bitdefender GravityZone Elite and Sophos Intercept X, for example, are beyond the scope of our reviews, worthy though these services may be.It’s also worth noting that several years ago, you could choose from a dozen or so standalone ransomware protection tools from consumer security companies, and many of those tools were free. Most of those have since vanished for one reason or another. For example, Acronis Ransomware Protection used to be a free standalone tool, but now it only appears as a component in the company’s Acronis Cyber Protect Home Office software. Likewise, Malwarebytes Anti-Ransomware now exists only as part of the full Malwarebytes Premium. As for Heilig Defense RansomOff, its web page used to say, “RansomOff will be back at some point.” Now, there’s no mention of the product.Trend Micro telegraphed the end of life for its free, standalone RansomBuster product more than a year in advance. RansomBuster no longer exists as a separate product. However, its ransomware-fighting skills live on, embedded in Trend Micro’s full-blown antivirus utility.A few ransomware protection tools come from enterprise security companies that decided to do the world a service by offering just their ransomware component as a freebie for consumers. And quite a few of those have also fallen by the wayside, as companies find that the free product eats up support resources. For example, CyberSight RansomStopper is no longer with us, and Cybereason RansomFree has likewise been discontinued.Bitdefender Anti-Ransomware is gone for a more practical reason. While it existed, it took an unusual approach. A ransomware attack that encrypted the same files twice would risk losing the ability to decrypt them, so many such programs leave some kind of marker to avoid double-dipping. Bitdefender would emulate the markers for many well-known ransomware types, in effect telling them, “Move on! You’ve already been here!” This approach proved too limited to be practical. CryptoDrop, too, seems to have vanished, leaving the CryptoDrop domain name up for grabs.How Does a Ransomware Attack Work? The idea behind ransomware attacks is simple. The attacker finds a way to take something of yours and demands payment for its return. Encrypting ransomware—the most common type—takes away access to your important documents by replacing them with encrypted copies. Pay the ransom, and you get the key to decrypt those documents (you hope). There is another type of ransomware that denies all use of your computer or mobile device. However, this screen locker ransomware is easier to defeat and just doesn’t pose the same level of threat as encrypting ransomware. Perhaps the most pernicious example is malware that encrypts your entire hard drive, rendering the computer unusable. Fortunately, this last type is uncommon.If you’re hit by a ransomware attack, you won’t know it at first. It doesn’t show the usual signs that you’ve got malware. Encrypting ransomware works in the background, aiming to complete its nasty mission before you notice its presence. Once finished with the job, it gets in your face, displaying instructions for how to pay the ransom and get your files back. Naturally, the perpetrators require untraceable payment; Bitcoin is a popular choice. The ransomware may also instruct victims to purchase a gift card or prepaid debit card and supply the card number.
It’s Surprisingly Easy to Be More Secure Online
As for how you contract this infestation, it often happens through an infected PDF or Office document sent to you in an email that looks legitimate. It may even seem to come from an address within your company’s domain. That seems to be what happened with the WannaCry ransomware attack a few years ago. If you have the slightest doubt as to the legitimacy of the email, don’t click the link. Report it to your IT department.Of course, ransomware is just another kind of malware, and any malware-delivery method could bring it to you. A drive-by download hosted by a malicious advertisement on an otherwise safe site, for example. You could even contract this scourge by inserting a gimmicked USB drive into your PC, though this is less common. If you’re lucky, your malware protection utility will catch it immediately. If not, you could be in trouble.Until the massive WannaCry attack, CryptoLocker was probably the best-known ransomware strain. An international consortium of law enforcement and security agencies took down the group behind CryptoLocker ages ago, but other groups kept the name alive, applying it to their own malicious creations.
(Credit: PCMag)
Can You Recover Ransomware Files?Even if ransomware gets past your antivirus, chances are good that within a short while, an antivirus update will clear the attacker from your system. The problem is, of course, that removing the ransomware itself doesn’t get your files back. The only reliable guarantee of recovery is maintaining a hardened cloud backup of your important files.Even so, there’s a faint chance of recovery, depending on which ransomware strain encrypted your files. If your antivirus (or the ransom note) gives you a name, that’s a great help. Many antivirus vendors, among them Trend Micro and Avast, maintain a collection of one-off decryption utilities. In some cases, the utility needs the unencrypted original of a single encrypted file to put things right. In other cases, such as TeslaCrypt, a master decryption key is available.The surest way to survive a ransomware attack is to maintain a secure, up-to-date backup of all your essential files. Beyond just backing up your files, Acronis Cyber Protect Home Office actively works to detect and prevent ransomware attacks. We expect to see similar features in other backup tools.
(Credit: PCMag)
CryptoDrop Anti-Ransomware maintained copies of your sensitive files in a secure folder that’s not visible to any other processes. Alas, CryptoDrop has vanished.As noted, when Trend Micro detects a suspicious process encrypting a file, it backs up the file. If it sees a flurry of suspicious encryption activity, it quarantines the process and restores the backed-up files. ZoneAlarm also tracks suspicious activity and repairs any damage caused by processes that turn out to be ransomware.NeuShield Data Sentinel takes an unusual approach. Given that ransomware must announce its presence to request the ransom, it makes no attempt to detect ransomware activity. Rather, it virtualizes file system changes to protected folders and lets you reverse all changes after an attack. To get rid of the ransomware itself, it rolls back the system to the previous day’s state. In testing, it proved effective, though you could lose one day’s changes to your files.Data443 Ransomware Remediation Manager also uses virtualization to keep ransomware from making permanent changes. Just reboot, and the ransomware is gone. Of course, you don’t want to lose your own work, so Data443 maintains protected copies of documents, pictures, and the like. In testing, it detected and eliminated all active ransomware samples but didn’t always recover files perfectly.But really, the best defense against ransomware involves keeping it from taking your files hostage. There are several different approaches to accomplishing this goal.What Are the Best Strategies for Fighting Ransomware?A well-designed antivirus utility ought to eliminate ransomware on sight, but ransomware designers are tricky. They work hard to get around both old-school signature-based malware detection and more flexible modern techniques. It only takes one slipup by your antivirus to let a new, unknown ransomware attack render your files unusable. Even if the antivirus gets an update that removes the ransomware, it can’t bring back the files.Modern antivirus utilities supplement signature-based detection with some form of behavior monitoring. Some rely exclusively on watching for malicious behavior rather than looking for known threats. And behavior-based detection specifically aimed at encryption-related ransomware behaviors is becoming more common.Ransomware typically goes after files stored in common locations like the desktop and the Documents folder. Some antivirus tools and security suites foil ransomware attacks by denying unauthorized access to these locations. Typically, they pre-authorize known good programs such as word processors and spreadsheets. On any access attempt by an unknown program, they ask you, the user, whether to allow access. If that notification comes out of the blue, not from anything you did yourself, block it!Of course, using an online backup utility to keep an up-to-date backup of your essential files is the very best defense against ransomware. First, you root out the offending malware, perhaps with help from your antivirus company’s tech support. With that task complete, you simply restore your backed-up files. Note that some ransomware attempts to encrypt your backups as well. Backup systems in which your backed-up files appear in a virtual disk drive may be especially vulnerable. Check with your backup provider to find out what defenses the product has against ransomware.How to Detect Ransomware During its lifespan, Cybereason’s free RansomFree utility had just one purpose: to detect and avert ransomware attacks. One very visible feature of this utility was its creation of “bait” files in locations typically targeted by ransomware. Any attempt to modify these files triggered a ransomware takedown. It also relied on other forms of behavior-based detection, but its creators were naturally reluctant to offer a lot of detail. Why tell the bad guys what behaviors to avoid? Alas, maintaining this free product for consumers proved impractical for the Enterprise-focused company.Quite a few antivirus products use behavior-based detection to take down any ransomware that gets past your regular antivirus. They don’t use “bait” files; rather, they keep a close eye on how programs treat your actual documents. On detecting ransomware, they quarantine the threat.ZoneAlarm Anti-Ransomware also uses bait files, but they’re not as visible as RansomFree’s. And it clearly uses other layers of protection. It defeated all our real-world ransomware samples in testing, fixing any affected files and even removing the spurious ransom notes that one sample displayed. By observation, Data443 also uses bait files to supplement its detection of ransomware behaviors.
Recommended by Our Editors
Webroot AntiVirus relies on behavior patterns to detect all types of malware, not just ransomware. It leaves known good processes alone and eliminates known malware. When a program belongs to neither group, Webroot closely monitors its behavior. It blocks unknowns from making internet connections, and it journals every local action. Meanwhile, at Webroot central, the unknown program goes through deep analysis. If it proves to be malicious, Webroot uses the journaled data to undo every action by the program, including encrypting files. The company does warn that the journal database isn’t unlimited in size, and it also advises keeping all important files backed up. In our latest round of testing, Webroot successfully rolled back the actions of several real-world ransomware samples but let a couple of others slip past.The main purpose of Acronis Cyber Protect Home Office is backup, of course, but this product’s Acronis Active Protection module watches for and prevents ransomware behavior. It uses whitelisting to avoid falsely flagging valid tools such as encryption software. It also actively protects the main Acronis process against modification, and it ensures that no other process can access backed-up files. If ransomware does manage to encrypt some files before being eliminated, Acronis can restore them from the latest backup.
(Credit: PCMag)
How to Prevent RansomwareIf a brand-new ransomware program gets past Trend Micro Antivirus+ Security, it won’t be able to do much damage. The Folder Shield feature protects files in Documents and Pictures, in local folders representing online storage for file-syncing services, and on USB drives. Avast has added a very similar feature to Avast Premium Security.Trend Micro also offers a ransomware hotline that’s available to anyone, even noncustomers. On the hotline page, you can find tools to defeat some screen locker ransomware and decrypt some files encrypted by ransomware.Panda Dome Advanced offers a feature called Data Shield. By default, Data Shield protects the Documents folder (and its subfolders) for each Windows user account. It protects specific file types, including Microsoft Office documents, images, audio files, and video. If necessary, you can add more folders and file types. And Panda protects against all unauthorized access, even reading a protected file’s data, so it balks data-stealing Trojans, too.Testing this sort of defense is easy enough. We wrote a very simple text editor, guaranteed not to be whitelisted by the ransomware protection system. We attempted to access and modify protected files. And in almost every case, we verified that the defense worked.How to Make Ransomware Pass You OverRansomware perpetrators lose credibility if they fail to decrypt files for those who pay the ransom. Encrypting the same set of documents multiple times could make it difficult or even impossible to perform that decryption. Hence, most ransomware programs include a check to make sure they don’t attack an already-infected system. For example, the Petya ransomware initially just checked for the presence of a certain file. By creating a fake version of that file, you could effectively vaccinate your computer against Petya.Bitdefender Anti-Ransomware, during its existence, very specifically prevented infestation by TeslaCrypt, BTC-Locker, Locky, and that first edition of Petya. It had no effect on Sage, Cerber, later versions of Petya, or any other ransomware family. And it certainly couldn’t help against a brand-new strain the way a behavior-based detection system can. These limitations, along with the ever-changing nature of malware, caused Bitdefender to withdraw the tool, relying instead on the powerful ransomware protection of its full-scale antivirus.The most obvious way to test ransomware protection is to release actual ransomware in a controlled setting and observe how well the product defends against it. However, this is only possible if the product lets you turn off its normal real-time antivirus while leaving ransomware detection active. Of course, testing is simpler when the product in question is solely devoted to ransomware protection, without a general-purpose antivirus component.In addition, ransomware samples are tough to deal with. For safety, we run them in a virtual machine with no connection to the internet or network. Some won’t run at all in a virtual machine. Others do nothing without an internet connection. And they’re just plain dangerous! When analyzing a new sample and determining whether to add it to the collection, we keep a link open to a log folder on the virtual machine host. Twice now, we’ve had a ransomware sample reach out and start encrypting those logs.
(Credit: PCMag)
KnowBe4 specializes in training individuals and employees to avoid getting hit by phishing attacks. Phishing is one way malware coders distribute ransomware, so developers at KnowBe4 created a ransomware simulator called RanSim. RanSim simulates 10 types of ransomware attacks, along with two innocuous (but similar) behaviors. A good RanSim score is a plus, but we don’t treat a low score as a minus. Some behavior-based systems, such as RansomFree, don’t detect the simulation because no actual ransomware limits its activities to subfolders four levels below the Documents folder.Getting your files back after an attack is good, but completely preventing that attack is even better. The products listed here take different approaches to keeping your files safe. Ransomware protection is an evolving field; chances are good that as ransomware evolves, anti-ransomware utilities will evolve as well. For now, ZoneAlarm Anti-Ransomware is our top choice for ransomware-specific security protection. It detected all of our ransomware samples, including the disk-encrypting Petya, and repaired all files damaged by the ransomware. If your budget doesn’t stretch to paying for a ransomware protection add-on, consider switching to an antivirus or security suite that includes a ransomware-specific protection layer, such as Bitdefender Antivirus Plus or Sophos Home Premium.Editors’ Note: Based on the increasing censure and criticism of Kaspersky by US government agencies, foreign agencies, and informed third parties, we can no longer recommend Kaspersky’s products. We continue to evaluate these products on their merits and report on them for those who wish to decide for themselves.