One of the biggest security stories of 2016 was the rise of ransomware.
In August, a study by security company Malwarebytes said that nearly half of all U.S. businesses had been hit by the malware. More recently, Kaspersky said ransomware attacks had increased threefold against businesses worldwide from January to September. And all throughout the year, ransomware that locked down the PCs of everyday users made headlines.
Hoping to stop ransomware in its tracks, security firm Cybereason announced a new anti-malware security program on Monday called RansomFree.
What is ransomware?
Ransomware is a particularly vicious type of malware. Once it lands on a system, ransomware begins to encrypt business or personal files on the hard drive. After the task finishes, the program demands money from the victim, usually in the form of Bitcoin. Typically, once the ransom is paid the malware assists with the decryption process to release your files—but not always. One 2016 variant, for example, just took the money and deleted the files on the hard drive.
But demanding money is just the tip of the iceberg. “Really, they could ask you for anything,” says Yoel Eilat, a senior product manager with Cybereason. Case in point: The recently discovered Popcorn Time ransomware. If a user doesn’t have the cash to pay the ransom, or doesn’t want to pay the fee, they can share a link with their colleagues and friends to encourage them to download the malware. Anyone who successfully dupes two people into infecting themselves gets off scot-free—minus two friendships, that is.
It’s still early days for anti-ransomware solutions. Malwarebytes ran a beta earlier in 2016 for an anti-ransomware program, and advertises Malwarebytes 3.0 as capable of fighting this type of malware.
But Cybereason believes RansomFree has what it takes to lead the charge against ransomware. The desktop program for Windows 7 and up (as well as Windows Server versions 2008 R2 and 2012) uses behavioral analysis instead of regularly updated malware definitions to fight the bad programs. Cybereason took a look at all the ransomware it could find, and analyzed the programs for common characteristics. It then built a program to monitor for those behaviors.
RansomFree’s warning window.
If RansomFree finds any such behavior on your system, it flags that program for your review. By default, the program suspends any activity it deems suspicious—even if it’s a legitimate encryption program that has some behavior in common with ransomware. It’s then up to the user to either enable the program, or allow RansomFree to permanently quarantine the malware.