Ransomware Protection

Discussion in 'polls' started by emmjay, Dec 21, 2015.

How do you combat ransomware?

  1. I rely on my existing install base (AV, AM and Anti-exploit products): 65 vote(s), 55.1%
  2. I rely on HIPs: 12 vote(s), 10.2%
  3. CryptoPrevent: 12 vote(s), 10.2%
  4. Ruiware WAR: 3 vote(s), 2.5%
  5. TrendMicro AR prevention: 1 vote(s), 0.8%
  6. HitmanPro AR prevention: 24 vote(s), 20.3%
  7. CryptoMonitor: 0 vote(s), 0.0%
  8. Other: 47 vote(s), 39.8%

Multiple votes are allowed.
  1. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,267
    Location:
    Southern Rocky Mountains USA
    @Rmus
    I get phishing emails almost daily in my spam folder. Some are so bad it is absurd. I had a string of court summons and all of them had originating addresses with .ru domains, and the attachment was a zip with a JavaScript file inside. That was followed by a similar string of emails with an invoice for goods or services with a similar zipped JavaScript attachment. Most of the time Gmail has already disabled the attachment before I even see the email, but I've downloaded a few to study. Most of what I would be interested in, destination domains and email addresses, is encrypted, so I would have to set up a sandbox to run the JS in debugger mode to get them. I do get phishing emails from friends and relatives whose email account was compromised fairly often too. In one case, I took the trouble to put the phishing link in a sandbox. It was a fake Google account login page, but the address in the address bar was obviously not Google. The domain belonged to a photographer's business website and the phishing page was just dumped in a folder on the web server. It was so badly configured that I was able to browse through the directory structure of the server and found a zip file of the PHP code for the phishing page. I downloaded it and opened the .php file in a text editor. There was no encryption and I found the destination email for the phished information. I sent the phishers an email from a throwaway email address. Just three words, which would be a violation of Wilders' terms of service to post. Normally I don't bother to go to that amount of trouble, but the email came from someone that I knew and got my attention.

    Taking a good look at emails and not clicking links is indeed a good approach. As is using ad blockers and script blockers and blocking third-party iframes and redirects. And disabling all browser plugins that aren't used and setting those that are to click-to-play.
     
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,576
    Antivirus, Sandboxie Paid, AppGuard and System Partition Imaging.
     
  3. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,501
    Location:
    .
    Sandboxing and Imaging.

    :thumb:
     
    Last edited: Dec 25, 2015
  4. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,446
    Location:
    Slovakia
    Other: My own settings like disabled services, WSH, PowerShell and so on. Ransomware is way too overrated, just another scareware these days.
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,579
    Location:
    The Netherlands
    I don't see how it's over-hyped, fact of the matter is that it's often delivered via exploits. Of course the chance that you will ever install it yourself (as experienced user) is a lot smaller, but you never know, so I'm not taking any chances.
     
  6. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    740
    Location:
    South Park, CO
    I've been using Crypto Prevent for a while, in addition to normal precautions like not opening suspicious e-mails, etc.
     
  7. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    3,351
    Location:
    Europe, UE citizen
    I rely on my existing install base (AV, AM and Anti-exploit products)
    I rely on HIPs

    and smart use of the internet, email attachments, links....
     
  8. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    5,619
    Location:
    Milan and Seoul
    I gather from your post that you are using Gmail. I have been using Gmail for years and their spam filter is excellent and safe; sometimes I do check the spam folder to make sure no good email has been spammed by mistake, and the only spam I regularly receive is about sales offers, sexually oriented stuff, but I have never experienced phishing or crypto emails... Maybe the geographical location might have something to do with prevalence.
     
  9. marzametal

    marzametal Registered Member

    Joined:
    Mar 19, 2014
    Posts:
    766
    Where would one have to go to bump into one of these beasts? (and I don't mean a forum for malware exchange...)
     
  10. new2security

    new2security Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    517
    Software restriction policy & no execution allowed in User's folders.
     
  11. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,551
    Location:
    Triassic
  12. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Emsisoft blocks now ransomware by detecting the attempted encryption activity.
     
  13. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,446
    Location:
    Slovakia
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,885
    Location:
    Slovenia, EU
    For users that know how to answer a UAC prompt, that would be enough. For users that have UAC disabled or OK each popup, this software can add some protection. Malware samples were also run by the Run as Administrator command, something most users wouldn't do. Even if run without that option, malware could encrypt personal files and there would be no UAC popup. I guess that tester just wanted to make sure malware has high privileges.
     
  15. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,446
    Location:
    Slovakia
    Well, the others do not know what ransomware is; it is unlikely they will use it. The majority do not even install an AV; they just do not bother with it.
     
  16. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Why do you need anything special for them? It's not as if the method of infection is any different, nor is it impossible to remove.
     
  17. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    Given how potentially devastating a ransomware infection can be, I prefer to have a layer/program that specifically protects against it. And by the way, removing the malware itself has never been the problem. The problem is getting your data back.
     
  18. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,294
    Location:
    USA
    Trying Malwarebytes Anti-Ransomware.
     
  19. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,381
    Location:
    West Yorkshire, UK
    Common Sense and best practices. No additional software needed.
     
  20. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    Here is an example of CryptoWall 4.0 and a removal guide. As you can see, you don't need any external applications; you can just use Windows Defender + secpol.msc/AppGuard to harden your setup and restrict the dirs this kind of ransomware wants to write to. If that is done it can't get access to anything. For me such products are overhyped; people should start to explore Windows' own mechanisms instead of trusting yet another company which does almost the same without mentioning that Windows has already had such abilities since Vista or earlier. I admit that there is no fancy GUI, but that doesn't mean there is nothing in Windows to protect against such attacks.
     
  21. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,551
    Location:
    Triassic
    There is a discussion on BleepingComputer, started January 26: a few people on W7 PCs have had their Master Boot Record taken over and a ransom has been demanded.
    "Encrypted Boot Ransomware Support Topic"
    Security Section.
    MBAM has rootkit protection, but not sure if their new ransomware protection product could stop this.
     
    Last edited: Jan 28, 2016
  22. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,220
    Location:
    USA
    Are you aware of any software vendor claiming that "there is nothing in Windows to protect against such attacks"? The purpose of the GUI has always been to simplify access to settings.
     
  23. CHEFKOCH

    CHEFKOCH Registered Member

    Joined:
    Aug 29, 2014
    Posts:
    395
    Location:
    Swiss
    My problem with such security products is that they don't simplify anything; in fact they come with their own settings instead of toggles or news that are designed to harden the OS level. Mostly they all work the same: they install something external to the OS, but that doesn't harden it, because it could already be infected, and as a workaround we usually get a 'first scan' option, but again that doesn't change e.g. the cipher settings or something important, and also doesn't remove known problematic certificates. Some if not all newer AVs install their own certificates, which you then must trust, instead of using the own/integrated ones, and this is also pretty dangerous because malware could fake/abuse this to redirect the entire traffic without the AV ever knowing about it. Don't get me wrong, some products are okay, but it seems they haven't evolved by using the OS mechanisms; they still work like the early 90's and hackers already know about it, and I don't trust an AV solution that can't handle cracks, e.g. Kaspersky's trial reset and cracks working for years without this ever being fixed, so if they are not able to do a simple server-side check to verify files, why should I trust them if they are not able to fix such easy stuff?
     
  24. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    HIPS, anti-exploit, and other: Ixquick does a good job of disallowing such things to exist in their results. NoScript. Safe practices. And while I don't use Crypto Prevent my default deny/whitelist SRP renders it inert. Even if you don't use a default deny approach there are rules you can enter to make it a non-factor, which have been discussed in here.
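As an added example (not code from any post in this thread, nor CryptoPrevent's own), this PowerShell writes the Software Restriction Policy that new2security's "no execution in user folders" and luciddream's default-deny/whitelist SRP describe, using the same Safer registry key that secpol.msc stores its rules in. It assumes an elevated prompt on a test machine; the log path and rule descriptions are placeholders.

```powershell
# Added example: default-deny SRP with allow rules only for admin-writable
# locations. Assumes elevated PowerShell on Windows 7 or later. Test in a VM
# first: with PolicyScope 0 administrators are covered too, so an installer
# run from Downloads will be blocked until it is moved or a rule is added.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0        # SRP security level "Disallowed"
$Unrestricted = 262144   # 0x40000, SRP security level "Unrestricted"

New-Item -Path $base -Force | Out-Null
# Anything not matched by an Unrestricted rule below is refused to run.
Set-ItemProperty -Path $base -Name DefaultLevel -Value $Disallowed -Type DWord
# 1 = enforce for executables only; 2 would also cover DLLs (more fragile).
Set-ItemProperty -Path $base -Name TransparentEnabled -Value 1 -Type DWord
# 0 = apply to all users including local administrators; 1 = exempt admins.
Set-ItemProperty -Path $base -Name PolicyScope -Value 0 -Type DWord
# Record every SRP decision so blocked launches can be reviewed (placeholder path).
Set-ItemProperty -Path $base -Name LogFileName -Value 'C:\Windows\Temp\srp.log' -Type String

function Add-SrpPathRule {
    param([int]$Level, [string]$Path, [string]$Description)
    # Each path rule is a {GUID} subkey under <level>\Paths; GUID constructed here.
    $key = Join-Path $base ("{0}\Paths\{{{1}}}" -f $Level, [guid]::NewGuid())
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name ItemData -Value $Path -Type ExpandString
    Set-ItemProperty -Path $key -Name SaferFlags -Value 0 -Type DWord
    Set-ItemProperty -Path $key -Name Description -Value $Description -Type String
    Set-ItemProperty -Path $key -Name LastModified -Value (Get-Date).ToFileTime() -Type QWord
}

# Whitelist: the OS and installed programs (standard users cannot write here).
Add-SrpPathRule $Unrestricted '%SystemRoot%'          'Windows directory'
Add-SrpPathRule $Unrestricted '%ProgramFiles%'        'Program Files'
Add-SrpPathRule $Unrestricted '%ProgramFiles(x86)%'   'Program Files (x86)'

# Explicit deny for user-writable locations droppers land in. The profile rule
# is redundant under default deny but keeps the intent visible in secpol.msc;
# the Temp rule matters because SRP lets the more specific path win, so it
# carves a deny out of the Unrestricted %SystemRoot% rule above.
Add-SrpPathRule $Disallowed '%UserProfile%'       'User profile (AppData, Downloads, Temp)'
Add-SrpPathRule $Disallowed '%SystemRoot%\Temp'   'World-writable Windows temp'

# New processes pick the policy up immediately; review the result under
# secpol.msc > Software Restriction Policies > Additional Rules.
```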
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,579
    Location:
    The Netherlands
    You're missing the point, not all ransomware is delivered via exploits, you can also manually run it by mistake. Exploit protection with or without the help of policies won't help in such scenarios. And most people don't know how to configure Windows, so no wonder there is a market for security products who make things easier.
     