They will catch ransomware with various degrees of success. You can look at a test run by MRG with 69 samples here: https://www.mrg-effitas.com/wp-content/uploads/2017/05/MRG-Effitas-360-Assessment-2017-Q1_wm.pdf The following thread covers the Wannacrypt ransomware and provides more detailed information by forum members more knowledgeable than myself: https://www.wilderssecurity.com/thr...ware-worm-targets-out-of-date-systems.393974/
They all do, including WD. Ransomware is classified as a form of trojan, which is accurate since it seeks to hijack Windows processes for criminal gain.
Most of them should do a reasonable job. But it only takes 1 miss to ruin your day. MAKE BACKUPS! LOTS OF BACKUPS!
It also depends on the OS. Apparently most systems infected were running XP. I think it is ridiculous that the UK's national health service is still running XP: https://www.rt.com/news/388233-virus-ransomware-microsoft-wannacry/ and https://www.wilderssecurity.com/thr...hould-have-listened-to-julian-assange.394008/
Rather than relying on antivirus software to protect you, the best protection against ransomware is to keep Windows and vulnerable software up to date and not be click happy. For example, never open an email attachment unless you are 100% sure it is safe. If your system is updated, and you don't open random files, the chance of getting hit by ransomware is very minimal. It's also very important to regularly backup your system, so that in the rare case you get hit by ransomware, you will be able to recover your files.
Avs aren't perfect but most average users can't handle more complex softwares (SRP, anti-exe, etc..). The only simple thing they can do is having safe habits. And i'm glad MS pushes many security features in Windows to help every users to be a bit safer.
Perhaps AV vendors should play a part in educating their users via emails the importance of patches, the dangers of emails etc and how to protect themselves, most of the major AV's require a user email at some point although I guess they prefer to be thought of as a cure all.
sadly most people won't care, they buy an AV , the AV must solve all issues whatever risky habits they do... those need to be hit hard to understand...
McAfee is doing just that. This is from an email I received from them two hours ago: I don't use their products, but am on their mailing list as I have trialed their products.
I have read that we should back up our systems to recover from Ransomware. I do, periodically, make a system image of my system. However, if one is infected by ransomeware isn't his system shut down? So how does making back-ups help? Thanks, Jerry
First the system isn't always shut down, and 2nd if you wait until then to take a system image IT IS TOO LATE! You need to back as frequently as necessary to not lose data that is critical. I run incremental images on the hour.
You may find this to be helpful JerryM: https://avlab.pl/sites/default/files/68files/ENG_2016_ransomware.pdf
some random file downloaded from the internet wanting to access your user files and encrypt them is going to suspicious so that can be blocked by behaviour. This is why f-secure's deepguard blocked the latest ransomware without needing any updates and I believe other vendors with similar technology did as well. as long as people pay the ransom criminals will continue to make more ransomware.
If I did get caught I have the things that are important on thumb drives, and other external drives. If I could not easily fix it I would ditch my computer and get another one before I would pay.
There's never any need to replace your computer when it gets infected by malware. In the case of ransomware, all you need to do is either restore from a clean backup (which everyone should have - althought most people don't), or do a clean install of Windows.
I do have images and restore points,but I thought that many times the system was locked so that you could not accomplish a restore. Years ago a friend got a ransomware virus, and he could not do anything. However, I did load a MBAM on a CD and ran it. MBAM found it at first scan, removed it and all was well. Thanks f or the reply. Jerry
Even if you can't boot into Windows, all backup/restore imaging programs are designed to ideally restore an image using rescue media such as a CD or a USB flash drive, it is a fail-safe method which always works under any circumstances. I would not rely on Windows System Restore...
Thanks, Osaban, I back up a system image several times a year, and make a rescue disk. I use an external HD to make the image. I have a question re rescue disk. Should I make a new one each time I make a system image? Thanks, Jerry
Hi Jerry I sure would and let me ask you a question. How valuable is the data on your machine. Remember although the odds may be low, if you have to restore your machine it will look like it did when you made the image. If that is okay, your fine, if not, you need to image more frequently. Pete
Adding to what Pete said, I would make a new rescue media only if your imaging program was upgrading to a new version, otherwise there should not be any problems...
Hi Pete, My info on my machine is not so valuable that I want to spend the time making system images very often. I put Tax info on eternal media, and all photos thumb drives. I do not do anything very valuable on my computer. Thanks for taking the time to caution me. Thanks, Osaban. ADDED: Pete how long does it take you to do your imaging? Just curious. JMM Regards, Jerry
Hi Jerry A full macrium image takes 14 minutes. But the incrementals take on average about 1 minute. A typical restore is about 1.5 minutes.
