Ramblings of an old Doc
I'd recommend it but...
Published on December 20, 2016 By DrJBHL In Personal Computing

 

Well, it's free and is made to be a high level program for PCs running Windows 7, 8 and 10 (x32 and x64):

RansomFree needs to be installed on the target machine. The protection that it adds to the system is interesting, as it creates a number of files on the system that it monitors for changes.

These files use characters that place them at the top of the directory structure. The idea is that ransomware will parse for files using the same structure so that the created files will be targeted first by the attack.

The company behind the product believes that this is the best proactive way to detect ransomware on a PC at the earliest...Ransomfree places popular file formats, docx, doc, sql, xls and so on in the folder which are often targeted by ransomware attacks as they are - usually -- personal or work related." - gHacks

 

CyberReason state they've tested their software against forty known threats and it stops them cold. BleepingComputer (link below) confirmed this but with a more limited number of known threats. RansomFree isolates low level ASCI encrypted files and protects them and uses any changes being made to them as the alarm to have you cease their being accessed. They do this because: 

"Cybereason researched tens of thousands of ransomware variants belonging to over 40 ransomware strains, including Locky, Cryptowall, TeslaCrypt, Jigsaw and Cerber and identified the behavioral patterns that distinguish ransomware from legitimate applications. While each ransomware strain was written by different criminal teams, they all exhibit the same low-level file-related behavior. Ransomware attempts to encrypt as many files as possible, as quickly as possible.

Cybereason has developed a unique behavioral approach to stop ransomware in its tracks. Since we’ve identified the typical pattern of behavior, we know how and where ransomware will start encrypting files. We built this knowledge into RansomFree: a free, anti-ransomware software that detects and blocks ransomware.

By targeting the common behavior of ransomware, Cybereason RansomFree protects against 99 percent of ransomware strains. RansomFree detects ransomware, suspends the activity, displays a popup that warns users that their files are at risk and lets the user stop the attack with one click.

RansomFree protects against local encryption as well as the encryption of files on network or shared drives. The encryption of shared files is among the doomsday scenarios an organization can imagine. It takes only one employee on the network to execute ransomware and affect the entire company.

RansomFree catches stand-alone ransomware programs as well as fileless ransomware. Stand-alone ransomware uses vulnerabilities in applications, like buggy Flash code, but fileless ransomware abuses legitimate Windows tools, like the PowerShell scripting language or JavaScript, to carry out its malicious intentions." - CyberReason

The problems are 1) 99%, not 100% because their behavior isn't 100% consistent and 2) It will only be a matter of time before the ransomware programmers adopt a different approach from the one being protected against.

Still, it's better than nothing, but folks, configure your firewall correctly as a first step: https://technet.microsoft.com/en-us/library/cc700820.aspx 

As gHacks put it: 

"It is best to complement anti-ransomware tools with other means including backup creation and resident security solutions such as a properly configured firewall." - gHacks

CyberReason's homepage: https://ransomfree.cybereason.com/

 

Sources:

http://www.ghacks.net/2016/12/20/ransomfree-protect-pc-ransomware/?_m=3n%2e0038%2e1950%2ehj0ao01hy5%2e213l

https://ransomfree.cybereason.com/ (also the download page (in the top banner)

https://www.cybereason.com/blog-cybereason-ransomfree-protecting-your-data-from-being-held-hostage/

https://technet.microsoft.com/en-us/library/cc700820.aspx

https://msdn.microsoft.com/en-us/library/cc875811.aspx

 

 


Comments (Page 3)
on Mar 22, 2017

I have to count mine first.

on Mar 28, 2017

Ransomfree blocked a ransomware attempt today for the first time.  I had done two things immediately prior - viewed the article DrJBHL linked to about Bandizip 6.0 and installed today's Firefox update (52.0.2) - and had restarted.  On restart, a new desktop profile was created even though I had signed on via my customary login avatar with my normal PW.  I logged off, logged on using my customary login again, this time my normal desktop profile appeared and I was presented with the detection message.  I allowed it to clean the ransomware and all appears back to normal. 

on Mar 28, 2017


Ransomfree blocked a ransomware attempt today for the first time.  I had done two things immediately prior - viewed the article DrJBHL linked to about Bandizip 6.0 and installed today's Firefox update (52.0.2) - and had restarted.  On restart, a new desktop profile was created even though I had signed on via my customary login avatar with my normal PW.  I logged off, logged on using my customary login again, this time my normal desktop profile appeared and I was presented with the detection message.  I allowed it to clean the ransomware and all appears back to normal. 

Even just one win makes it all worthwhile...

on Mar 28, 2017


Even just one win makes it all worthwhile...

Amen to that.  I am in Doc's debt (yet again). 

on Mar 29, 2017

That's why they call him "The Doc". DRJBHL takes care of us folks. 

Meta
Views
» 36091
Comments
» 35
Sponsored Links