Your 2019 anti-ransomware toolkit

TechLife Australia - WELCOME - [ NATHAN TAYLOR ]

RANSOMWARE HAS BEEN a plague on the computer industry for years now. It has become the number one security threat for businesses and home users, and the number of attacks continues to grow year on year. There is some competition of late – crypto miners have seen a massive surge in popularity in the last year – but crypto miners are mostly an inconvenience, readily removed once detected. Ransomware can ruin your life.

What ransomware does is take a set of files on your computer and encrypt them so that you can no longer access them. Typically it will target documents and pictures, though some ransomware variants will target other files. Then it sends you a message – send money (usually cryptocurrency) and the files will be unlocked. Some ransomware variants also take additional measures, like giving you a countdown, or progressively deleting files the longer you take to pay.

The worst thing about ransomware is that there is generally no easy recourse. Once the files are encrypted, simply removing the ransomware from your system is not enough to get your data back. Indeed, removing the ransomware may take away the one solution you might have – to pay the ransom. Generally, paying the ransom does work – though not 100% of the time (and we certainly don’t recommend paying it except in extreme circumstances).

So what’s your best defence against it? Read on to find out.

ANTI-VIRUS

Commercial recommendation: Bitdefender Total Security 2019, www.bitdefender.com.au, $70 for five devices for one year

Free recommendation: Kaspersky Free Antivirus, www.kaspersky.com.au/free-antivirus

Ransomware infects your system like any other virus, and so you take the same preventative action you would against any other virus. Part of that is running good anti-virus software.

When it comes to commercial software, the major suites have thankfully upped their game when it comes to ransomware protection in the last few iterations. They now often do more than just rely on their virus protection to head off ransomware pre-infection: they incorporate other protective measures against it.

The one we have been most impressed with is Bitdefender, which includes new system monitoring tools to keep track of ransomware-style behaviour. What’s more, it includes an excellent file locker system (more on those below) that manages to provide protection without massively inconveniencing you, since you can set approved apps in advance (so you don’t have to go through an approval prompt every time you try to access a file).

We’ve yet to find a free anti-malware solution that offers those kinds of features, so if you want free you’ll have to settle on a solution that simply provides good virus detection rates. Kaspersky offers among the best, and comes highly recommended – although other solutions like Avast!, Bitdefender Free and Avira can get the job done.

BACKUP

Commercial recommendation: Acronis True Image 2019 Home Backup, www.acronis.com, one-time $70 with no cloud backup; $70 per year with cloud backup

Free recommendation: EaseUS Todo Backup Free, www.easeus.com

No anti-malware solution is flawless. Virus writers are constantly working to fool their detection systems and they often do. That’s why it is so critical now to have a continuous backup of your important files. If your critical files get encrypted, then you need to have a backup to recover them.

You can use local backups, like on a USB stick or drive, but if they’re connected to the system at the time of infection they run the risk of being encrypted as well. A better solution is often to use a cloud backup system – though in that case you’re on the hook for an annual subscription fee (typically in the $70-range).

When it comes to commercial backup solutions, we can’t go past Acronis True Image, which has every tool you can imagine and some you can’t. It’s available for a one-time charge of $70, which doesn’t include cloud backup; or a subscription starting at $70 per year, which includes 250GB of cloud backup (more is available if you pay more).

The latest version of Acronis actually has anti-ransomware monitoring built in, similar to that found in Bitdefender Total Security. It monitors for ransomware-like behaviour, and it allows you to lock files so that only approved apps can access them. It will prevent modifications to the backup files from apps other than Acronis itself.

When it comes to free solutions, you can use the backup tool built into Windows and Mac (although we think the Windows version has actually gone backwards over time), but a better solution might be EaseUS Todo Backup Free. It doesn’t have anywhere near the tools of Acronis, but it does offer system, file and partition backup, which is a rarity in free tools. It’s also easy to use and accessible.

FILE LOCKER

Commercial recommendation: Bitdefender Total Security 2019, www.bitdefender.com.au, $70 for five devices for one year

Free recommendation: Trend Micro RansomBuster, ransombuster.trendmicro.com

As we mentioned above, both Bitdefender and Acronis have what are called file lockers. These are tools that prevent any unapproved modification to locked files. Only apps that have been approved by you can make changes to the file. They should prevent ransomware from encrypting or deleting locked files.

For commercial file locking, we like Bitdefender’s suite solution, so getting that is a two-fer.

Good free file locking solutions are much harder to find. There are plenty of solutions available, but most massively inconvenience the user since they don’t have app white lists (so you have to approve every single file change).

The best we have found is Trend Micro’s RansomBuster, which is a free version of the file locking tool found in Trend Micro’s commercial security suite. Like the Bitdefender solution, it allows you to designate files that will be protected from modification. It allows white lists – apps like Microsoft Office can be approved to make modifications without bothering you with an authentication popup. It’s easy to use, and works well.

DECRYPTORS

Free recommendation: Trend Micro Ransomware File Decryptor, www.trendmicro.com

If all else fails, and your files get encrypted, don’t just resign yourself to paying up. The first thing you should do is try a decryptor.

For some ransomware strains that have made it into the wild, clever security researchers have found ways to hack the hackers and have provided decryption solutions to reverse the effects of ransomware. In some cases, law enforcement has also seized decryption keys from captured cyber criminals, and made them public for victims of the ransomware to use.

Decryptors are tools that try out known decryption solutions on encrypted files. Avast! (www.avast.com) provides a library of such tools on its site, but for a unified tool we like Trend Micro’s Ransomware File Decryptor. At the time of writing it worked fully or partially against 27 different strains of ransomware. You still need to know which ransomware strain you were infected with (the app will help you figure that out), and decryption may only be partial for some strains, but it does work on some of the most prevalent forms of ransomware – including WannaCry and Petya.


Trend Micro provides an all-in-one decrypter.
