https://www.mrg-effitas.com/wp-content/uploads/2016/07/Zemana_ransomware_detection.pdf

Interesting test paid for by Zemana between ZAM, MBAR, HPMA, and CryptoPrevent. The winner ...... ZAM. Ten non-0-day ransomware samples plus one synthetic Python sample created by MRG that no one detected. MRG's contention is that pre-execution reputation and sandbox execution scanning are more effective at ransomware detection than post-execution behavioral analysis. Bodes well for most of the major AV scanners that employ heuristic analysis and reputation scanning coupled with internal sandboxing.

Test details are that MRG changed the ransomware samples' code so ZAM would not detect the non-0-day samples by hash signature, forcing use of reputation analysis and cloud sandbox execution.

-EDIT- Noteworthy is that no script-based ransomware was tested, which I believe ZAM would have failed on.