One of the biggest security stories of 2016 was the rise of ransomware.
In August, a study by security company Malwarebytes said that nearly half of all U.S. businesses had been hit by the malware. More recently, Kasperksy said ransomware attacks had increased threefold against businesses worldwide from January to September. And all throughout the year, ransomware that locked down the PCs of everyday users made headlines.
Hoping to stop ransomware in its tracks, security firm Cybereason announced a new anti-malware security program on Monday called RansomFree.
What is ransomware?
Ransomware is a particularly vicious type of malware. Once it lands on a system, ransomware begins to encrypt business or personal files on the hard drive. After the task finishes, the program demands money from the victim, usually in the form of Bitcoin. Typically, once the ransom is paid the malware assists with the decryption process to release your files—but not always. One 2016 variant, for example, just took the money and deleted the files on the hard drive.
But demanding money is just the tip of the iceberg. “Really, they could ask you for anything,” says Yoel Eilat, a senior product manager with Cybereason. Case in point: The recently discovered Popcorn Time ransomware. If a user doesn’t have the cash to pay the ransom, or doesn’t want to pay the fee, they can share a link with their colleagues and friends to encourage them to download the malware. Anyone who successfully dupes two people into infecting themselves gets off scot-free—minus two friendships, that is.
It’s still early days for anti-ransomware solutions. Malwarebytes ran a beta earlier in 2016 for an anti-ransomware program, and advertises Malwarebytes 3.0 as capable of fighting this type of malware.
But Cybereason believes RansomFree has what it takes to lead the charge against ransomware. The desktop program for Windows 7 and up (as well as Windows Server versions 2008 R2 and 2012) uses behavioral analysis instead of regularly updated malware definitions to fight the bad programs. Cybereason took a look at all the ransomware it could find, and analyzed the programs for common characteristics. It then built a program to monitor for those behaviors.
If RansomFree finds any such behavior on your system, it flags that program for your review. By default, the program suspends any activity it deems suspicious—even if it’s a legitimate encryption program that has some behavior in common with ransomware. It’s then up to the user to either enable the program, or allow RansomFree to permanently quarantine the malware.
Using this approach, Eilat says that with RansomFree enabled about four files can end up encrypted before the security program detects the problem and stops it; however, he says, for most ransomware strains “RansomFree manages to stop the ransomware even before any file is encrypted.”
RansomFree is a free download for home users directly from Cybereason’s site. The installation's fairly anti-climactic. It alerts you that the program placed some specially constructed files on your system that help RansomFree do its job. Eilat wouldn’t go into too much detail about what these files do. He would say they were there to be the “victims” of potential ransomware infections and to slow the malware down.
Other than the alert about the files, RansomFree just sits there not doing much of anything—at least to the casual observer. That’s probably what you want from a specialized security program like this, anyway.
The impact on you at home: Using a security program that protects against ransomware is only the first step to keeping your files safe. Cybereason also recommends that users regularly backup their files and verify that those backups can be restored should the worst happen. The usual security advice also applies: keep your operating system and programs up-to-date; disable Java and Flash when possible; don’t download programs or files from sketchy websites; and be doubly cautious downloading attachments or clicking links in email.
This article was updated at 12:50 PM Eastern on December 19, 2016 to correct the name of Cybereason's RansomFree. We regret the error.