Your 2019 anti-ransomware toolkit
RANSOMWARE HAS BEEN a plague on the computer industry for years now. It has become the number one security threat for businesses and home users, and the number of attacks continue to grow year on year. There is some competition of late – crypto miners have seen a massive surge in popularity in the last year – but crypto miners are mostly an inconvenience, readily removed once detected. Ransomware can ruin your life.
What ransomware does is take a set of files on your computer and encrypt them so that you can no longer access them. Typically it will target documents and pictures, though some ransomware variants will target other files. Then it sends you a message – send money (usually cryptocurrency) and the files will be unlocked. Some ransomware variants also take additional measures, like giving you a countdown, or progressively deleting files the longer you take to pay.
The worst thing about ransomware is that there is generally no easy recourse. Once the files are encrypted, simply removing the ransomware from your system is not enough to get your data back. Indeed, removing the ransomware may take away the one solution you might have – to pay the ransom. Generally, paying the ransom does work – though not 100% of the time (and we certainly don’t recommend paying it except in extreme circumstances).
So what’s your best defence against it? Read on to find out.
ANTI-VIRUS
Commercial recommendation: Bitdefender Total Security 2019 www.bitdefender.com.au, $70 for five devices for one year Free recommendation: Kaspersky Free Antivirus www.kaspersky.com.au/free-antivirus Ransomware infects your system like any other virus, and so you take the same preventative action you would against any other virus. Part of that is running good anti-virus software.
When it comes to commercial software, the major suites have thankfully upped their game when it comes to ransomware protection in the last few iterations. They now often do more than just rely on their virus protection to head off ransomware pre-infection: they incorporate other protective measures against it.
The one we have been most impressed with is Bitdefender, which includes new system monitoring tools to keep track of ransomwarestyle behaviour. What’s more, it includes an excellent file locker system (more on those below) that manages to provide protection without massively inconveniencing you, since you can set approved apps in advance (so you don’t have to go through an approval prompt every time you try and access a file).
We’ve yet to find a free anti-malware solution that offers those kinds of features, so if you want free you’ll have to settle on a solution that simply provides good virus detection rates. Kaspersky offers among the best, and comes highly recommended – although other solution like Avast!, Bitdefender Free and Avira can get the job done.
BACKUP
Commercial recommendation: Acronis True Image 2019 Home Backup www.acronis.com, one-time $70 with no cloud backup; $70 per year with cloud backup Free recommendation: EaseUS Todo Backup Free www. easeus. com
No anti-malware solution is flawless. Virus writers are constantly working to fool their detection systems and they often do. That’s why it is so critical now to have a continuous backup of your important files. If your critical files get encrypted, then you need to have a backup to recover them.
You can use local backups, like on a USB stick or drive, but if they’re connected to the system at the time of infection they run the risk of being encrypted as well. A better solution is often to use a cloud backup system – though in that case you’re on the hook for an annual subscription fee (typically in the $70-range).
When it comes to commercial backup solutions, we can’t go past Acronis True Image, which has every tool you can imagine and some you can’t. It’s available for a one-time charge of $70, which doesn’t include cloud backup; or a subscription starting at $70 per year, which includes 250GB of cloud backup (more is available if you pay more).
The latest version of Acronis actually has anti-ransomware monitoring built in, similar to that found in Bitdefender Total Security. It monitors for ransomware-like behaviour, and it allows you to lock files so that only approved apps can access them. It will prevent modifications to the backup files from apps other than Acronis itself.
When it comes to free solutions, you can use the backup tool built into Windows and Mac (although we think the Windows version has actually gone backwards over time), but a better solution might be EaseUS Todo Backup Free. It doesn’t have anywhere near the tools of Acronis, but it does offer system, file and partition backup, which is a rarity in free tools. It’s also easy to use and accessible.
FILE LOCKER
Commercial recommendation: Bitdefender Total Security 2019 www.bitdefender.com.au, $70 for five devices for one year Free recommendation: Trend Micro RansomBuster ransombuster.trendmicro.com
As we mentioned above, both Bitdefender and Acronis have what are called file lockers. These are tools that prevent any unapproved modification to locked files. Only apps that have been approved by you can make changes to the file. They should prevent ransomware from encrypting or deleting locked files.
For commercial file locking, we like Bitdefender’s suite solution, so getting that is a two-fer.
Good free file locking solutions are much harder to find. There are plenty of solutions available, but most massively inconvenience the user since they don’t have app white lists (so you have to approve every single file change).
The best we have found is Trend Micro’s RansomBuster, which is a free version of the file locking tool found in Trend Micro’s commercial security suite. Like the Bitdefender solution, it allows you to designate files that will be protected from modification. It allows white lists – apps like Microsoft Office can be approved to make modifications without bothering you with an authentication popup. It’s easy to use, and works well.
DECRYPTORS
Free recommendation: Trend Micro Ransomware File Decryptor www.trendmicro.com
If all else fails, and your files get encrypyted, don’t just resign yourself to paying up. The first thing you should do is try a decryptor.
For some ransomware strains that have made it into the wild, clever security researchers have found ways to hack the hackers and have provided decryption solutions to reverse the effects of ransomware. In some cases, law enforcement has also seized decryption keys from captured cyber criminals, and made them public for victims of the ransomware to use.
Decryptors are tools that will attempt to try out known decryption solutions on encrypted files. Avast! (www.avast.com) provides a library of such tools on its site, but for a unified tool we like Trend Micro’s Ransomware File Decryptor. At the time of writing it worked fully or partially against 27 different strains of ransomware. You still need to know which ransomware strain you were infected with (the app will help you figure that out), and decryption may only be partial for some strains, but it does work on some of the most prevalent forms of ransomware – including WannaCry and Petya.
THE WORST THING ABOUT RANSOMWARE IS THAT THERE IS GENERALLY NO EASY RECOURSE. ONCE THE FILES ARE ENCRYPTED, SIMPLY REMOVING THE RANSOMWARE FROM YOUR SYSTEM IS NOT ENOUGH TO GET YOUR DATA BACK