Ransomware is undeniably touted today as one of the most dangerous malware that can infect our computers, locking up our files with practically nowhere to go. Many variants have popped up this year, all differing in how they function, but with one common act: encrypt files and demand a large amount of money. With this in consideration, a new initiative aims to stop ransomware before it can cause total havoc on people"s computers.
Dubbed "RansomFree," the software is designed by Cybereason, a security firm. Available for machines running Windows 7 to Windows 10, including Windows Server 2008 R2 and 2012, the company claims that the free program can stop 99% of ransomware strains, which includes those that have not yet been seen.
The program utilizes “behavioral and proprietary deception techniques” in order to detect and stop ransomware. RansomFree starts by creating randomly-named folders on the infected system, which will act as honeypots. These folders are named with characters including: ~ and !, as they are low on the ASCII table, and will be the first ones to be encrypted by the ransomware.
Should these files be encrypted anytime, RansomFree detects the originating process of the attack, and suspends it. It will then prompt the user that an unusual activity has been detected, and ask if they want to terminate the process, or let it continue. It also presents a list of the files that have already been encrypted by the malware.
Uri Steinfield, senior security researcher explains RansomFree further. He states:
“RansomFree relies on the common denominator of all ransomware, no matter their distribution or method of operation — they all need to search for target files on the local drives and encrypt them. By anticipating these common patterns, RansomFree can bait ransomware to expose their intentions and accurately detect them before they are able to fully achieve their malicious goal.”
Furthermore, according to Steinfield, due to the ever-evolving world of ransomware, RansomFree will be constantly updated to better protect users.
You can download RansomFree on Cybereason"s website for free, which can be found here.
Back in July, the No More Ransom initiative was unveiled, aiming to turn the tables on cybercriminals. It provides free decryption software to at least 20 ransomware variants, and it also gives proper advice on how to keep a computer protected.
Despite the protection promised by RansomFree, Cybereason states that having the software is only the first step towards protection. It is also recommended to have a solid backup of all your files. Also, as per usual, it pays to be careful of where we go on the internet, staying away from sketchy websites that might be hosting malicious content. Lastly, keeping our computers updated can also go a long way, to keep ourselves protected in the fight against ransomware.
Source: Digital Trends, Bleeping Computer