I would agree with you if you said Wilders members; however, if you check various forums such as Bleeping Computer, many users are getting infected with ransomware, and if you correlate that to the real world it would be hundreds of thousands worldwide. So obviously people who couldn't care less about their computer security need some type of tool to protect themselves from themselves. A simple tool like CryptoPrevent would work wonders if more people were aware of it.
In my case it isn't malware so much as it is my installing beta security software that bricks my machine. Yesterday I bricked my machine but am not sure which software it was. I was trying three programs but had been using them for a few months without issues. I use Macrium Reflect but don't have it set to start at boot and let me pick a drive. On reboot it was not seeing my USB port where my backup is. I had torn the keyboard, mouse, Cat 5 and power cable out and was just stepping out the door to go buy a new one, and thought I'd try it a few more times, and got lucky: it saw my USB port. But it was not seeing my backup drive I have with original 8.1 installed on any USB port either.
Most infections are drive-by on disk, which means the user is the problem. As I said, there are not millions, because Windows and other OSes already come with built-in protections like SmartScreen, UAC and Windows Defender, so if anyone now tells me he got infected, it's just a lie, or he disabled everything, uses warez or executed something on his/her own. That has nothing to do with the tools; it starts with the brain. The OS (again, I know) already handles it well; in my test Defender handled all my examples well. If anyone here or in the mentioned forums can give me a sample that bypasses all this just by downloading something and executing it, without a warning or anything, he had better just not use the internet (or contact me to get help). In fact, manually hardening or using external software can lower the security level, which is the opposite of what you want; I already mentioned some examples, and believing that one or two or 10 engines running at the same time makes you more secure is a false sense of security. ... And that's why I'm saying people should wake up and ask why the AV tools don't say anything about the OS security levels that have already existed for years. How big is the chance that millions get infected by a 0-day without already being a target or on the attackers' radar for weeks/months? So all this 'millions infected' is, in my eyes, just marketing without any proof. It starts much earlier, e.g. by recommending not to use Win 10 and staying on 7 for no reason ... and THIS is even more dangerous than you might think, because from a security aspect you have to stay up to date; that's the only thing that is for sure.
Even without using any anti-malware/ransomware products:
1. Set UAC to maximum.
2. Store all important files in a protected directory (admin-only read/write access).
3. Use a limited account for everything, especially online activities.
4. Optional: run a browser with an anti-scripting plugin, probably blocking iframes as a minimum and maybe 3rd-party scripts as well.
Even if the ransomware does run with limited rights, it can't touch the files in the protected directory.
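Steps 1 to 3 of the post above, as an added example that is not part of the original post: an elevated PowerShell script that sets UAC to "Always notify", creates a directory that only Administrators and SYSTEM can read or write, and creates a standard (non-admin) account for daily use. The directory path `C:\Protected` and the account name `daily` are assumptions; step 4 (the anti-scripting plugin) lives in the browser and is not covered here.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
# C:\Protected and the account name 'daily' are assumptions; adjust as needed.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

# 1. UAC to "Always notify" (the top slider position).
#    EnableLUA=1 turns UAC on, ConsentPromptBehaviorAdmin=2 prompts for every
#    elevation, PromptOnSecureDesktop=1 puts the prompt on the secure desktop
#    so a user-mode process cannot click it away on the user's behalf.
$uac = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Set-ItemProperty -Path $uac -Name EnableLUA                  -Type DWord -Value 1
Set-ItemProperty -Path $uac -Name ConsentPromptBehaviorAdmin -Type DWord -Value 2
Set-ItemProperty -Path $uac -Name PromptOnSecureDesktop      -Type DWord -Value 1

# 2. A protected directory: inheritance is cut so the default "Users: read/execute"
#    entries from C:\ do not leak in, then only Administrators and SYSTEM get access.
$protected = 'C:\Protected'   # assumed location
New-Item -ItemType Directory -Path $protected -Force | Out-Null
$acl = Get-Acl -Path $protected
$acl.SetAccessRuleProtection($true, $false)        # stop inheriting, discard inherited ACEs
foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }
$fullControl = [System.Security.AccessControl.FileSystemRights]::FullControl
$inherit     = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit,ObjectInherit'
$propagate   = [System.Security.AccessControl.PropagationFlags]::None
foreach ($principal in 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM') {
    $acl.AddAccessRule([System.Security.AccessControl.FileSystemAccessRule]::new(
        $principal, $fullControl, $inherit, $propagate, 'Allow'))
}
Set-Acl -Path $protected -AclObject $acl

# 3. A limited account for daily use. It is deliberately NOT added to Administrators:
#    anything running as this user cannot touch C:\Protected, and any attempt to
#    elevate runs into the UAC prompt configured in step 1.
$user = 'daily'   # assumed name
if (-not (Get-LocalUser -Name $user -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString "Password for $user"
    New-LocalUser -Name $user -Password $pw | Out-Null
    Add-LocalGroupMember -Group 'Users' -Member $user
}

# Check the result: only Administrators and SYSTEM should appear, with (OI)(CI)F.
icacls $protected
```

The UAC values take effect after a reboot; the ACL and the account are effective immediately. Log in as the limited user afterwards and confirm that `C:\Protected` shows "Access is denied" rather than a directory listing.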
My Emsisoft Internet Security (BB kickin' in) and hardened Google Chrome are enough to block Ransomware, so I'm not that worried. I'm also beta-testing Malwarebytes Anti-Ransomware at the moment.
There is now another ransomware hype; this ransomware is called 'Locky' and infected e.g. the Fraunhofer Institute and some others via email and/or directly placed on websites, which then uses an old macro hole to load the ladybi.exe trojan. Kaspersky reported that some infections directly affect some pages, which then want to download/execute eiasus.exe. ~ Removed VirusTotal Results as per Policy ~ Again nothing special and nothing needed; just disable macros in e.g. MS Office and/or restrict C:\Users\USERNAME\AppData\Local\Temp and nothing can happen. I don't really believe that there are 5000 new infections per hour, but according to the news there are several each second. Instead of pricey new security tools, just tell people how to restrict and disable macros in MS Office and everything will be fine, like I did now .... Uargh, sooooo boring that my PC has been clean for 20+ years now. Spam and drive-by?! ... NEXT please ....
Here's an Emsisoft video showing its effectiveness against 20 different ransomwares: https://www.youtube.com/watch?v=zDKModQjFUs
Locky is unsigned; also, the registry setting "Validate Admin Code Signatures" is good for the block, as with other ransomware.
I agree I was a bit fast; the AppData method here won't work like with CryptoLocker, because it creates a file under C:\Users\USERNAME\AppData\Local\Temp\RANDOMSTRING.tmp and puts registry entries in place to execute this file at startup. There is also a second registry entry on the system binary that I assume helps this file.
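The three registry-side mitigations discussed in the last few posts (disabling Office macros, "Validate Admin Code Signatures", and restricting execution from `%LOCALAPPDATA%\Temp`), plus a check for the autostart entry described above, as an added example that is not code from any of the posters. It uses the Software Restriction Policy registry layout that the Local Security Policy console writes; the rule GUID is made up for this example, and the SRP rule only applies at the next logon. Note on step 2: the setting refuses to elevate unsigned executables, so it applies only to binaries that request elevation, not to code running as the standard user.

```powershell
# Added example, not from the original posts. Run from an elevated PowerShell prompt.
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

# --- 1. Office macros: VBAWarnings=4 is "disable all without notification";
#        BlockContentExecutionFromInternet=1 (Office 2016+) blocks macros in files
#        with the Mark-of-the-Web. Written under Policies so Trust Center can't undo it.
foreach ($ver in '14.0', '15.0', '16.0') {
    foreach ($app in 'Word', 'Excel', 'PowerPoint') {
        $key = "HKCU:\Software\Policies\Microsoft\Office\$ver\$app\Security"
        New-Item -Path $key -Force | Out-Null
        Set-ItemProperty -Path $key -Name VBAWarnings -Type DWord -Value 4
        Set-ItemProperty -Path $key -Name BlockContentExecutionFromInternet -Type DWord -Value 1
    }
}

# --- 2. "Only elevate executables that are signed and validated". Scope: elevation
#        requests only; an unsigned binary running as the standard user is untouched.
$sys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Set-ItemProperty -Path $sys -Name ValidateAdminCodeSignatures -Type DWord -Value 1

# --- 3. Software Restriction Policy: Disallowed path rule for %LOCALAPPDATA%\Temp.
#        Same keys secpol.msc writes. The GUID is just a unique rule name (made up here).
$safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
New-Item -Path $safer -Force | Out-Null
Set-ItemProperty -Path $safer -Name DefaultLevel       -Type DWord -Value 0x40000  # Unrestricted by default
Set-ItemProperty -Path $safer -Name TransparentEnabled -Type DWord -Value 1        # all software files except DLLs
Set-ItemProperty -Path $safer -Name PolicyScope        -Type DWord -Value 0        # administrators included
Set-ItemProperty -Path $safer -Name AuthenticodeEnabled -Type DWord -Value 0
Set-ItemProperty -Path $safer -Name ExecutableTypes -Type MultiString -Value @(
    'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF','INS','ISP',
    'LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG','SCR','SHS','URL','VB','WSC')
$rule = "$safer\0\Paths\{7a1c5e6d-2f3b-4c8a-9d10-5e6f7a8b9c0d}"   # subkey "0" = Disallowed level
New-Item -Path $rule -Force | Out-Null
Set-ItemProperty -Path $rule -Name ItemData    -Type ExpandString -Value '%LOCALAPPDATA%\Temp'
Set-ItemProperty -Path $rule -Name SaferFlags  -Type DWord        -Value 0
Set-ItemProperty -Path $rule -Name Description -Type String       -Value 'Block execution from user Temp'

# --- 4. Audit: Run/RunOnce values whose command points into Temp or AppData, which is
#        the kind of autostart entry the post above describes. Returns objects, so the
#        output can be filtered, exported or run from a scheduled task.
function Find-TempAutostart {
    $roots = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
             'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($p in (Get-ItemProperty -Path $root).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not a registry value
            $cmd = [Environment]::ExpandEnvironmentVariables([string]$p.Value)
            if ($cmd -match '(?i)\\(Temp|AppData\\Local|AppData\\Roaming)\\') {
                [pscustomobject]@{ Key = $root; Name = $p.Name; Command = $cmd }
            }
        }
    }
}
Find-TempAutostart | Format-Table -AutoSize
Write-Host 'SRP rule takes effect at next logon; check secpol.msc > Software Restriction Policies > Additional Rules.'
```

Test the path rule after logging back in by copying any small .exe into `%LOCALAPPDATA%\Temp` and launching it: Windows should refuse with "This program is blocked by group policy", and the event appears in the Application log under source SoftwareRestrictionPolicies. An empty result from `Find-TempAutostart` on a clean machine is expected; most legitimate software starts from Program Files.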
I couldn't see the alerts clearly, but was everything caught by signature, or was it the BB that blocked it?
It was the BB. You can see the option in the BB's application rule settings section. It is titled "Attempt to modify documents in a suspicious manner." The way the BB works is that when EAM/EIS detects an unknown/suspicious process, all those application rule settings are activated. The only way ransomware could get around the BB is if it passed the reputation tests as "known" to Emsisoft's cloud and has a valid signature.
1) Up-to-date Firefox
2) uBlock Origin (with malware blocklists)
3) Firejail
4) AppArmor
5) grsecurity (to strengthen Firejail's chroot and prevent kernel exploits)
6) Update OS once a day
**EDIT** 7) Backups!
I avoid ransomware by not downloading and running potentially suspicious programs. I do have antivirus software installed, as well as Bitdefender Anti-Ransomware. However, I don't feel that BD Anti-Ransomware is necessary in my case, but since it has no impact on system performance, I see no harm in having it installed.
Try registering it... "WinAntiRansom DOES NOT provide any protection when run unregistered!" At the bottom of the page...
Surely the 15-day trial gives you a temporary registration until you decide to purchase or not. Otherwise what's the point of the trial if it doesn't protect for a limited time?
The proper way to do this is to either block the download or the installation if required registration data is not provided. Allowing non-functional software to install, especially security software, is unacceptable in my opinion.
Here are some pictures of the installation, and of the protection before and after activation of the free trial: