Q: Have you heard of RansomFree from Cybereason and would you recommend it?
“Ransomware” is malware that attempts to gain access to your computer with the intent of locking you out of your own personal files and demanding a ransom to unlock them. As the threat of ransomware grows, utilities that are specifically designed to protect users from becoming a victim are hitting the market.
The level of encryption being used by current versions of ransomware is so sophisticated that your only options are to pay the ransom or lose everything if you don’t have a separate off-site backup.
What RansomFree does
The company that created this free tool examined the process that most of the known ransomware attacks follow and created special folders and files known as a “honeypot” to detect threats. The file structure of these dummy files is designed to be one of the first targets of an attack, which the program monitors in order to alert you of a potential attack.
This means that in order for the program to alert you, a small number of files will be sacrificed with the hope that they’re the files that were setup as the honeypot.
The whack-a-mole problem
While RansomFree’s approach is unique and inventive, there’s a problem that the entire security industry has struggled with since the beginning of time: They’re all playing whack-a-mole.
Just as RansomFree was created by examining what ransomware programs typically do, malware authors can conversely see what RansomFree is doing and change up their scripts to avoid or delay detection. There could eventually even be a direct mitigation code that would attempt to disable the program if it becomes widely used, so as always, it’s a moving target.
What this should tell you is that a single layer of protection should never be relied upon when it comes to the threat of ransomware.
Unlike a lot of other malicious activity floating around the internet, ransomware has proven to be a solid moneymaker for cyber-crime syndicates, which ensures that they’ll continue to evolve their threats in order to side-step any and all security layers as they’re developed.
Blended protection
Just about every major anti-virus/internet security program is including some form of ransomware detection and protection these days, so check to see what you might already have installed.
If you don’t have anything, installing RansomFree couldn’t hurt, but since we’ve established that just about any security program can potentially be thwarted, how you backup your critical files becomes your last line of defense.
If you have a backup that is out of reach of the ransomware, you’ll never have to pay the ransom.
Unfortunately, traditional local backups via an attached external hard drive will be of no value if your system is attacked because anything accessible to the computer is also encrypted.
The best backup schemes incorporate the 3-2-1 approach: 3 copies of your data on at least 2 different devices with 1 copy off-site.
The best and most cost effective defense against ransomware for most users is an online backup service such as Carbonite because it’s not directly accessible during an attack and it’s automated.
Ken Colburn is founder and CEO of Data Doctors Computer Services. Ask any tech question on Facebook or Twitter.