Cybereason RansomFree - Review 2022
If your antivirus fails to catch an information-stealing Trojan, you can get a new credit card. If an actual virus gets past its defenses, an aggressive cleanup tool should take care of the problem. But if your antivirus misses a ransomware attack, you might lose all your documents, or even lose access to your computer. That's where Cybereason's RansomFree comes in. This free, dedicated ransomware protection utility works alongside your existing antivirus software. It focuses 100 percent on detecting and preventing ransomware infestation by watching for behaviors common to these attacks. In testing, with nasty, real-world malware samples, it gets the job done.
Members of the Cybereason team got their training in the elite Unit 8200 of the Israeli Intelligence Corps, a team dedicated to cybersecurity. They cut their teeth on military-level cyberattacks, and they now supply high-end defense to major companies including SoftBank, Vizio, and Lockheed Martin. As the ransomware epidemic began to put more consumers at risk, the company's CEO decided to extract the ransomware component from the total Cybereason security suite and give that ransomware protection to consumers for free. Small businesses can also use it; bigger businesses should consider the full-scale Cybereason service.
Immediately after installation, RansomFree starts protecting your system against ransomware. It runs in the background, watching for behaviors specific to ransomware. As part of this process, it creates "bait" files in prime locations like the Desktop and the Documents folder. There are no antivirus signatures; RansomFree relies on behavior-based detection.
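The bait-file idea described above can be sketched in a few lines. This is an added example, not part of the original review and not Cybereason's code; the bait file names, the scratch folder standing in for Documents, and the entropy threshold are all assumptions made for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

# Constructed bait names; "!" sorts them ahead of ordinary files in a listing.
BAIT_NAMES = ["!0_bait_budget.docx", "!0_bait_photos.txt"]
ENTROPY_ALERT = 7.0  # assumed threshold, in bits per byte

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data approaches 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def plant_bait(folder: str) -> dict:
    """Create bait files in `folder` and return {path: sha256} as the baseline."""
    content = b"Quarterly budget notes, do not edit.\n" * 40
    baseline = {}
    for name in BAIT_NAMES:
        path = os.path.join(folder, name)
        with open(path, "wb") as fh:
            fh.write(content)
        baseline[path] = hashlib.sha256(content).hexdigest()
    return baseline

def check_bait(baseline: dict) -> list:
    """Return (path, reason) alerts for bait that is gone or no longer matches."""
    alerts = []
    for path, digest in baseline.items():
        if not os.path.exists(path):
            alerts.append((path, "missing"))
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if hashlib.sha256(data).hexdigest() != digest:
            reason = "high-entropy rewrite" if entropy(data) > ENTROPY_ALERT else "modified"
            alerts.append((path, reason))
    return alerts

def demo() -> tuple:
    """Plant bait in a scratch folder, tamper with it, return alerts before and after."""
    with tempfile.TemporaryDirectory() as docs:  # stands in for the Documents folder
        baseline = plant_bait(docs)
        clean = check_bait(baseline)
        rewritten, removed = sorted(baseline)
        with open(rewritten, "wb") as fh:
            fh.write(os.urandom(4096))  # random bytes stand in for encrypted output
        os.remove(removed)              # stands in for delete-after-encrypt
        return clean, sorted(check_bait(baseline))

if __name__ == "__main__":
    print(demo())
```

A real monitor would react to file-system events and identify the responsible process rather than polling hashes; the sketch only shows why untouched bait stays quiet and tampered bait raises an alert.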
Attack of the Ransomware
RansomFree was among the first ransomware-specific security tools that I reviewed last year. At the time I only had a couple of real-world samples, plus hand-modified variants of those. I now have six samples covering various ransomware families. RansomFree detected and blocked them all.
When it spots a process that acts like ransomware, RansomFree suspends that process and displays a large warning. You click Yes to terminate the process and clean up any problems. You could also click No, but I don't recommend that. There's a link to view all files created, modified, or deleted by the offending process. Reviewing this information, I could see, for example, that one attacker created an executable file with a random name right in the Documents folder, and turned over control to that program. Another deleted its on-disk presence after loading into memory.
In some cases, RansomFree popped up two or even three times; I always clicked Yes. On completion, it warned that the ransomware might have left behind a ransom note or other detritus that you must clean up manually. Indeed, I found ransom notes in a couple cases.
I've run into a couple of products that failed to prevent a ransomware attack launched at Windows startup. IObit Advanced SystemCare Ultimate is an example, as is the free CyberSight RansomStopper. When I configured a ransomware sample to launch at startup, RansomFree had no trouble detecting and terminating it.
I have on hand a small, simple ransomware simulator, a program I wrote myself. All it does is find the text files in the Documents folder and apply XOR encryption to them. This technique simply flips all the one bits to zero and all the zero bits to one; applying it a second time decrypts the file. This proved to be too simple-minded for RansomFree to detect, and indeed, it's not truly destructive. Quite a few other competing utilities ignored my FakeCryptor, among them Acronis and CryptoDrop Anti-Ransomware.
Disk Encryption Ransomware
The most common type of ransomware encrypts your essential files, but leaves the computer working. That makes perfect sense, because the victim needs internet and computer access to pay the ransom. However, there's another, less common type that performs whole disk encryption, effectively bricking the device until you pay up. The notorious Petya ransomware is one such, and I've managed to snare a Petya sample.
Behavior-based ransomware protection utilities don't necessarily protect against this type of attack. Of the four other products I've tested since obtaining the Petya sample, Acronis and RansomStopper prevented a Petya attack, but Malwarebytes Anti-Ransomware Beta and CryptoDrop didn't.
A Cybereason blog post led me to think that RansomFree might stop Petya. However, when I launched my sample, it proceeded to crash the system and run a pretend low-level disk repair on reboot. In reality, it was encrypting the disk, not repairing it. It is worth noting that disk-encrypting ransomware is much less common than the file-encrypting type, and that your antivirus would most likely catch it before it could do any harm.
Fake Ransomware Conundrum
KnowBe4 is a company known more for its antiphishing trainings than for products, but it does offer the free RanSim Ransomware Simulator. Without touching any of your own precious files, RanSim simulates the ten most common ransomware techniques, as well as two innocuous related techniques that ransomware protection shouldn't block.
I installed RanSim on the test system and ran its test sequences, with disappointing results. RansomFree correctly refrained from interfering with the two false-positive scenarios, but it also did nothing to block the 10 ransomware scenarios.
After some digging, head-scratching, and confabulating with both Cybereason and KnowBe4, I came to understand the problem. RanSim puts its test files in folders within folders, four levels below the Documents folder. Encrypting such files without touching the actual contents of the Documents folder just isn't a behavior matching any real-world ransomware. So RansomFree ignores it. Acronis blocked all 10 scenarios, and Malwarebytes got eight. Others wiped out the entire test platform, meaning it couldn't report any results.
Other Avenues
Ransomware is a serious problem, so it's not surprising that other companies have devised their own methods to combat it. All malware detection in Webroot SecureAnywhere AntiVirus is based on behavior, not just ransomware detection. The antivirus immediately wipes out any process that matches an existing malware behavior profile. If it isn't 100 percent clear that a suspect process is malicious, Webroot journals its local actions and virtualizes any nonreversible actions such as sending data out across the internet. When its cloud-based analysis later identifies that suspect process as malware, the local client uses the journal data to reverse all actions by that process, including reversing the encryption actions performed by ransomware.
You must purchase the full Panda Internet Security suite to get ransomware protection from Panda; the standalone antivirus doesn't include the Data Shield component. Data Shield aims to protect your precious documents against all unauthorized access, so ransomware can't encrypt your files, and Trojans can't steal your data. If Panda detects an access attempt by any unauthorized program, it asks you whether to allow it. Naturally you'll grant permission to that new word processor you just installed, but if the request comes out of the blue, deny it!
Trend Micro Antivirus+ Security and Avast Internet Security are among the other products that foil ransomware by preventing unauthorized file modification. However, they don't prevent read-only access the way Panda does.
In the realm of tools specifically designed to fight malware, almost all use behavior-based detection. Bitdefender Anti-Ransomware is an exception; it works by subverting the ransomware's own techniques for avoiding double encryption, "vaccinating" the system so the ransomware thinks it has already done its job.
Check Point ZoneAlarm Anti-Ransomware supplements behavior-based detection with a system for recovering any files that might have been encrypted before detection kicked in. In testing, it did a perfect job, even eliminating the scattered ransom notes.
With Acronis Ransomware Protection, you get 5GB of cloud storage for your sensitive files. If ransomware encrypts a file or two before detection, Acronis just restores from its protected backup. If 5GB proves insufficient, you can always upgrade to the company's Acronis True Image backup service, which naturally includes the anti-ransomware component.
Trend Micro RansomBuster goes all out, fighting ransomware on multiple fronts. Its Folder Shield blocks modification of sensitive files, it uses behavior-based detection, and it recovers files from secure storage if necessary. However, when I turned off Folder Shield for testing, the behavior-based detection missed several samples.
Suspenders and Belt
RansomFree is, as the name suggests, free, and when we tested it with real-world, nasty ransomware, it did yeoman service. It's not by any means a universal solution, but it's a worthwhile addition to your general-purpose malware protection utility. I've installed it on my main production PC, and I'd suggest you consider adding it or some other free ransomware protection utility to supplement your full-scale antivirus protection.
Check Point ZoneAlarm Anti-Ransomware is our Editors' Choice for ransomware-specific security. While it isn't free, it also isn't expensive. It protected against all our ransomware samples and recovered files as necessary, without strewing bait files around the system.
Source: https://sea.pcmag.com/cybereason-ransomfree/15135/cybereason-ransomfree
Posted by: paulsenhaterrovat.blogspot.com
