Do you use a specific anti-ransomware software product ? Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems, or to get their data back. Some ransomware encrypts files (called Cryptolocker). Other ransomware use TOR to hide C&C communications (called CTB Locker). or do you rely on your current install base for protection ?
I use CryptoPrevent and HitmanPro.Alert (which specifically has a file encryption blocking feature called CryptoGuard). By the way, what do you mean by "current install base"?
I would say a combination between anti-executable/application whitelisting and anti-exploit protection along with LUA.
Just Sandboxie. Infections through the browser is my main concern. Use Mbae for outlook. Also AX64 for my backup.
I think this link is a must,to the topic at hand. https://malwaretips.com/threads/winantiransom-vs-some-nasty-stuff.54295/
'Current install base' meaning your selection of security products you have installed. Some products that you may already have installed say they cover certain types of ransomware intrusions. For instance, EMET and MBAE if you have them installed. Also MBAM has a feature to block malicious web sites which can add a layer of protection. AVs make claims that they can detect certain types of ransomware.
By using NoScript and Sandboxie, I believe theres no need for me to use anything specifically designed to protect against that kind of malware. Bo
I pretend to "combat" it using the config found in my signature. However my real combat is "passive defense", so to speak. I rather use SecureFolders to lock a USB stick with my important sensitive data to make it impenetrable and if by any chance my security config doesn't prevent running a very advanced cryptomalware, if so I reboot my machine and Shadow Defender gets rid of cryptomalware while data in my external USB stick still all well. Edit: I forgot to mention I lock that USB stick permanently. In fact it is a mirror of the original folder placed on desktop. All changes are made to that folder in desktop (it stills susceptible for cryptomalware attack) at the end of the day/night I make sure one txt file stills fine, i.e., non-encrypted then I unlock with SecureFolders the USB stick and fire-up SyncBackFree (mirror mode) to backup all data into that stick (in my case it only takes 1-2 minutes to scan changes) then I wait until dropbox and jottacloud clients finish to up everything into the cloud, finally lock the stick up once again. Any critic is very welcome.
Below is a new one called WinAntiRansom by the makers of WinPatrol. It works really well. It protected against a few that got by HMPA, and CryptoPrevent. CruelSister tested it against the nastiest Crypto-Malware available. https://www.youtube.com/watch?v=q2h7SfpVHj8 https://www.winpatrol.com/winantiransom/ Edited: Be advised it's currently not compatible with XP.
I rely on AppGuard, Bouncer, and ERP. I don't have them all 3 installed together, but those are the applications I rely on at the moment. I may give WinAntiRansom a try soon by WinPatrol. It was just released, and it's already doing amazing.
I believe sooner or a later a very advanced form of ransomware could penetrate any security/s barriers but the key is to put a 10-inches thick steel wall between computer and a single point of entry to your sensitive data, done by a robust powerful impenetrable mini-filter driver. The machine files can be infected altered tampered you name it, a drive image restore puts your machine up in minutes.
I don't have anything specific for ransomware. After reading about it a bit, I did an inventory of what data I had that could conceivably be worth a ransom. It was all on one computer consisting of mostly word and pdf files I'd written and some photos. The total was 22gb of which maybe a few mbs hadn't been backed up in cold storage already. As it was, not much. The amount of data was small enough that I just moved it all onto a ntfs formated 32gb SD card which is not inserted in the computer when I'm not working with that data. Backup was reduced to simple imaging of the sd disk. My systems are locked down enough and the software on them so vetted that even that precaution is probably not necessary but it is simple and procedural, and costs nothing.
Voted "HIPS" and "Other" - I'm using SpyShelter with active option "User defined protected files" (the list of my own monitored folders).
I don't have anything in my data that is very important, but for the sake of the argument data backup, OS backup, AV, and Sandboxie with restrictions should make it hard to start such a process...
Same over here, I rely on SS, but the plan is to also add a specialized behavior monitor like the one in HMPA for example. Of course Sandboxie can also be used to safely run apps virtualized, with no write access to the real file system.
Ransomware will most likely evolve its methods of propagation, encryption, and target types. The most obvious new targets being cloud based storage solutions and IoT devices. Users will have to protect their stored credentials so as not to get locked out.
I voted for CryptoPrevent and Other. CP is my main defense against RW, but my other security (in my sig) will also help prevent such attacks.
I voted "Other." I'm careful about clicking. This article has a nice summary: http://www.mcafee.com/us/resources/solution-briefs/sb-quarterly-threat-q1-2015-2.pdf Another method is Malvertising. Browser configuration is important to combat malvertising. I found these in my notes: The way the malvertising works is that the first redirect, written in Javascript and protected with SSL, does not load an ad image but instead sends the site visitor to a completely different website. There, a second redirect, also using SSL, takes the reader to yet another destination. Finally, a third redirect, this one using the standard 302 HTTP redirect but also with SSL, goes to the site with the actual malicious download. The infection is through exploit kits that use vulnerabilities on your computer to install this Trojan without your permission of knowledge. You must be running the software or the browser that the exploit targets, he said. Or the user may not have plug-ins enabled globally, meaning that upon being redirected to the attacker's (not trusted) site, the exploit would fail to start. The threat may also be downloaded manually by tricking the user into thinking they are installing a useful piece of software, for instance a bogus update for Adobe Flash Player or another piece of software. ---- rich
