ransomware capable antivirus?

Discussion in 'other anti-malware software' started by brians08, Mar 22, 2016.

  1. brians08

    brians08 Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    40
    I keep reading about more and more sophistication of ransomware but I don't see much about how antivirus is addressing it. I suppose the basic plan is to block the malware by signature and/or heuristics but I would like to see some specifics targeting ransomware.
    One strategy would be to scan the hard disk and randomly select files that are likely targets for encryption. Then open these files and perform a statistical analysis on the content. An encrypted file shows up as pure random data so it can't be hidden. Anything doing that sort of thing yet?
     
  2. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,032
    Location:
    Hengelo, The Netherlands
    HitmanPro.Alert blocks professional ransomware without signatures or cloud connection. Background here:
    https://hitmanpro.wordpress.com/2016/02/20/are-you-up-all-night-after-getting-locky/
     
  3. auron12

    auron12 Registered Member

    Joined:
    Nov 24, 2012
    Posts:
    11
    Location:
    Greece
    The most capable security solutions for this are the whitelist programs like VoodooShield.
     
  4. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,734
    Malwarebytes Anti-Exploit to mention.
    Strategies are going to fail in any way; the best method is to back up regularly and to lock those backups against encrypting trojans - those are capable of infecting all attached storage devices incl. NAS.

    At least all trojans and 0day exploits were tested against all current antivirus - so pretty pointless to count on such software.
     
  5. brians08

    brians08 Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    40
    Hitman sounds promising. Heuristic test for encryption should work. There's no way to hide the fact that a program is encrypting data.
    Would still like to see a robust backup strategy as well. Cloud backups are fine unless you want to use disk images. A disk image of a 2TB disk just isn't practical in the cloud. I am still looking for a NAS that can work as write-once storage. My backup software could write new backup files to the NAS but then the NAS marks them as read-only after some time period so ransomware can't alter them. Probably will need to go with FreeNAS or a straight up Linux box as a NAS server since I don't see anything out there that does this off the shelf (affordable for personal use anyway).
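
The statistical check proposed in the first post, and the "heuristic test for encryption" mentioned again above, sketched as an added example that is not from the thread or from any product named in it. It combines byte entropy with a file-header check, because JPG, PDF and Office files are compressed and look random even when healthy. The function names, the 7.5 bits/byte threshold and the extension lists are assumptions chosen for illustration.

```python
import math
import os
import random
from collections import Counter

# Well-known leading bytes ("magic numbers") of formats that are compressed,
# and therefore high-entropy, even when healthy.
MAGIC = {".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}
# Plain-text formats: these should never look like random data.
TEXT_EXTS = {".txt", ".csv", ".html", ".xml", ".json"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(name: str, data: bytes, threshold: float = 7.5) -> str:
    """Return 'ok', 'suspect' or 'inconclusive' for one file's leading bytes."""
    ext = os.path.splitext(name)[1].lower()
    high = shannon_entropy(data) >= threshold
    if ext in MAGIC:
        if data.startswith(MAGIC[ext]):
            return "ok"  # header intact; high entropy is normal here
        return "suspect" if high else "inconclusive"
    if ext in TEXT_EXTS:
        return "suspect" if high else "ok"
    return "inconclusive"  # unknown type: entropy alone proves nothing

def scan_sample(root, sample_size=20, read_bytes=65536, rng=None):
    """Randomly pick likely-target files under root; return {path: verdict}."""
    rng = rng or random.Random()
    known = set(MAGIC) | TEXT_EXTS
    candidates = [os.path.join(d, f) for d, _, files in os.walk(root)
                  for f in files if os.path.splitext(f)[1].lower() in known]
    verdicts = {}
    for path in rng.sample(candidates, min(sample_size, len(candidates))):
        try:
            with open(path, "rb") as fh:
                verdicts[path] = classify(path, fh.read(read_bytes))
        except OSError:
            verdicts[path] = "inconclusive"  # locked or unreadable file
    return verdicts
```

A "suspect" verdict is a reason to compare the file against a backup, not proof of ransomware: a file the user encrypted deliberately scores the same way, and files under about 1 KB are too short to reach the threshold.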
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,050
    Aside from Hitman which does indeed work, Emsisoft will also protect you, as would ERP and AppGuard. As for backup, file is good, imaging is better. A file backup would be a bad solution against Petya, as you would have to reinstall Windows. A disk image would just mean a restore.
     