Free Ransomware Protection Utility

Ransomware is the latest and most dangerous type of malware to hit computers.  If you're unlucky enough to be infected, the malware encrypts all the key document files on your computer.  To get the decryption password you'll need to pay - sometimes up to $500.
 
Any decent antivirus product should protect you against ransomware, but it always pays to be well covered.  So a new tool from BitDefender is worth knowing about.  It specifically guards against ransomware, and it's completely free.
 
It works by tricking any ransomware installer into thinking that your computer is already infected.  If you do happen to inadvertently run one, the installer won't continue running because it thinks there's nothing else to do.
 
You can find the program at https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vacci... and it's a 4.5 MB download.  The program is malware-free according to VirusTotal and Web of Trust.
 


Comments

I just read this at the provided link from a Bit Defender Rep dated April 4th,

"Please remember, however, that this is experimental stuff and the lack of licensing also means a lack of guarantees of any kind.
We might discontinue it tomorrow, or cease updating it and never tell anyone, or… you get the drift."

From the gist of the conversations there (I could be wrong) it seems almost that it probably won't work unless you are running Bit Defender A/V or A/M or maybe their security suite. It seems the Rep is saying if you have BD installed you probably don't need it but if you aren't using BD it might not work. I've got to be missing something somewhere. I was wanting to try for more protection but ...

I did see one report of being infected with Locky v3 after having installed the vaccine.

Although I use a competitor, I'm aware that Bit Defender has an excellent reputation and many loyal users. That a company rep is forthcoming about potential limitations of the product gains the company more respect in my opinion. Maybe Microsoft should consider that approach.

crosseyedlemon,

I have hardly ever laughed that hard in a very long time. Your "Maybe Microsoft should consider that approach" almost killed me, THANK YOU... ;-))

The best protection against ransomware is up-to-date offline backups.

I totally support Redstick's comments.
GIZMO is a site aimed at promoting helpful tips on IT issues.
By all means submit comments about alternatives but do so in a professional way - do not be rude.
The site is not intended for "my dog is bigger than your dog" comments. There are many opinions and examples where some software options work better for some people but not for others.
The Editor spends a lot of time checking for helpful opportunities and should be congratulated for his efforts, not criticized in a rude immature manner.

@crosseyedlemon:

EXACTLY! That nowadays is called business... ;-) And they use Bitcoin exactly because it is NOT traceable.

Although it is quite a mouthful you can read up about Bitcoin here:
https://en.wikipedia.org/wiki/Bitcoin

I'm not sure why Bitcoin has entered the discussion here. My point is that Rob seemed to be suggesting that personal data is being held hostage until users cough up an extortion fee. For someone to attempt that so openly just seems absurd to me unless they are looking to get themselves prosecuted.

The best "FREE" and "PAID" solution is CryptoPrevent from FoolishIT.com. The Ransomware known as "Crypto Locker" hit in 2013 and CryptoPrevent has been on it ever since. The only difference between the free and paid versions is auto updates are done manually in the free version along with help through the forums. I used to write my own Group Policy Rules when this junk started BUT, now CP writes over 320 Rules. Plus the germ writers have gotten good at their trade. It was just .exe and .dll files that could run and infect you. Now it's almost any file in disguise and any exploit like the right-to-left text direction exploit. I used his program in 2013 and learned from it and his written instructions on how and where to place the restrictions. Now there are too many and the thieves have gotten much better. I wonder what will happen when the junk writers decide that "we're gonna infect you anyway just to make sure you really are infected." They've got to know this (trick) app exists unless like the first grouch, I mean the first guy said, they've had their head in the sand.

I tried CryptoPrevent and discovered that I had problems installing programs I wanted. I am forever installing and removing new software. I think it's because of the changes it made on the group policies.

The problem occurs because some companies install executables in the user's AppData directory. Google update even does this. CryptoPrevent works by preventing execution of such programs (as well as preventing executables with double extensions) but you'll have to unset the group policy temporarily to install such programs and then whitelist them when re-enabling CryptoPrevent.

CryptoPrevent creates a heap of group policies and I find it hard to find the one group policy that is causing the problems.
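The rule classes described in the comments above (executables under AppData, executables with double extensions, and the right-to-left text direction trick), as an added Python example that is not CryptoPrevent's code or rule set. The extension lists, the rule names and `matched_rules` are assumptions made for illustration, and the sample paths are constructed.

```python
from pathlib import PureWindowsPath

# Assumed extension lists for illustration; not CryptoPrevent's actual rules.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt", ".zip"}
RLO = "\u202e"  # Unicode right-to-left override character


def matched_rules(path, allowlist=()):
    """Return the hypothetical rule names that would block execution of `path`.

    An empty list means nothing matched or the path is allowlisted.
    """
    p = PureWindowsPath(path)
    # PureWindowsPath compares case-insensitively, as Windows paths do.
    if any(p == PureWindowsPath(entry) for entry in allowlist):
        return []

    suffixes = [s.lower() for s in p.suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return []  # only executable file types are restricted

    rules = []
    # Rule class 1: executables anywhere under a user's AppData tree.
    if "appdata" in (part.lower() for part in p.parts[:-1]):
        rules.append("appdata-executable")
    # Rule class 2: a document extension directly before the executable one,
    # e.g. invoice.pdf.exe. Version-style names (setup.v1.2.exe) do not match.
    if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTS:
        rules.append("double-extension")
    # Rule class 3: a right-to-left override in the name, which makes the
    # displayed extension differ from the real one.
    if RLO in p.name:
        rules.append("rtl-override")
    return rules


if __name__ == "__main__":
    # Constructed sample paths, not taken from the page.
    for sample in (
        r"C:\Users\bob\AppData\Local\Google\Update\GoogleUpdate.exe",
        r"C:\Users\bob\Downloads\invoice.pdf.exe",
        r"C:\Users\bob\Downloads\setup.v1.2.exe",
    ):
        print(sample, "->", matched_rules(sample) or "allowed")
```

Reporting the matching rule class per path is also one way to narrow down which kind of restriction is blocking a legitimate installer before allowlisting it.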

It's better than most, but I wouldn't rely on it. Go to YouTube and watch 'More fun with ransomeware part 4'.
It's virtually impossible to stay ahead of malware due to security always being at least hours behind new exploits.
A recent (unplugged) disk image/disk clone is still the best defense against ransomware.

A close second is NOT running Windows.

"A recent (unplugged) disk image/disk clone is still the best defense against ransomware"

until they learn to spell "air gap".

Anything's possible with a delayed attack. One would hope that anyone who creates a disk image would also make sure beforehand that the original image isn't compromised, as there is no ability for devices on opposite sides of the "gap" to communicate - but that discussion is for a different article.

You should update your source.
Using mics and sound cards to generate high frequency sounds spanning 65 feet, high frequency doesn't take much power to reproduce.
BitWhisper uses Thermal Manipulation between 2 air-gapped computers and requires no dedicated peripheral hardware.
GSMEM uses an internal bus on an air-gapped computer and turns it into an antenna to transmit stolen data over the cellular network.
There are others.
Right now (for the moment) unless you've got big secrets or valuable info you are probably safe BUT, it won't take too long for the above average code writer to make the process easier so all the z-holes can use it to separate us from whatever commodity they think we don't have a right to or need for.

All I can say is if you haven't heard of ransomware or how it works, you've had your head in the sand for the last year or 18 months. You might want to look into the Washington DC area hospital chain, Medstar Health for a most recent attack that was almost certainly caused by ransomware. Also check out Brian Krebs' www.Krebsonsecurity.com, and sign up for his blog or RSS feed.

This isn't really very helpful. Obviously the editor has "heard of ransomware, etc., etc." The article offers a certain amount of protection for small users like us, not mega-corps (which are often notoriously sloppy, security-wise). It is an attempt to prevent us from becoming mini-Medstars, and deserves our support and consideration, not snarky put-downs. To quote Old Bill, "Well, if you knows of a better 'ole, go to it."

Well I'm a bit confused by that first paragraph Rob. It seems to me the only ones able to extort $500 from users with a decryption password would be the ones responsible for the malware infection. That would make it pretty easy for the FBI to trace them wouldn't it?

Drug sites work on bitcoins. The reason it works is because they cannot be traced.

I'm not sure the FBI is going to fly to Kenya for a $500 virus :)

Thanks for the Heads Up!