What is ransomware?
Ransomware is a form of malware used to threaten victims by blocking, publishing or corrupting their data unless the ransom is paid. Attackers typically infect end users with a virus, trojan or worm and lock down a network’s endpoints, requiring payment in return for access to the end user’s files. If they refuse, the virus may destroy or harvest an entire network’s data.
Worms are often used as ransomware attack tools because they are specifically designed to replicate rapidly and infect computers connected to their hosts. Trojans, meanwhile, are useful because they disguise malware as a legitimate file and trick users into downloading them.
Once the user has been infected and hackers gain control of the network, end users will be restricted from doing anything besides paying up. The ransom is typically demanded in cryptocurrency, since it is nearly impossible to track once the transaction is complete.
2017 was the year ransomware became a widely known term outside the cybersecurity community. Stories of new ransomware attacks were popping up everywhere, at a scale unseen before.
These attacks cost companies $544 billion in the first six months of 2017 alone, according to Symantec’s Ransomware 2017 ISTR Special Report. Furthermore, the report showed a continued year-over-year increase of ransomware. Attacks hit dozens of countries including the U.S., Japan and Italy, just to name a few.
Luckily, ransomware attacks are trending downward in terms of frequency. Few victims were actually paying the ransoms; what’s more, new forms of malware are emerging that are more effective and stealthier. Threats such as cryptocurrency mining malware can utilize a victim’s computing power without them even knowing.
Still, ransomware attacks aren’t only targeting corporate conglomerates. 43 percent of cyberattacks are targeted toward small businesses. And as a result, companies should be adopting cybersecurity technologies with the features necessary to protect against ransomware threats.
This is an example of the user-facing component of 2017’s WannaCry ransomware attack. It was the largest attack of its kind, impacting 300,000 endpoints in May 2017.
How to Avoid Ransomware
The easiest way to protect against malware is through employee education, and security awareness training is becoming more common. These courses and seminars help companies inform employees of the dos and don’ts of online behavior.
Employees learn how to identify phishing or spoofing content that aims to trick users into downloading malicious files or giving hackers sensitive information. Malicious downloads can spread worms or viruses across a network quickly, and that sensitive information can be used to gain access to networks, applications and databases where hackers can wreak havoc on unsuspecting companies.
Ransomware protection software and solutions can come in many different forms. The most common practice is employing a backup or disaster recovery solution. These tools keep company information stored securely in an isolated environment in case cloud or local storage systems are compromised.
If hackers threaten to delete your company’s data, backups can significantly diminish the amount of data lost. Important features to keep in mind are continuous backups and disaster recovery capabilities. Continuous backups will automatically sync data to keep it as up to date as possible. Disaster recovery will simplify and expedite the process of recovering after an attack.
Secure email and web gateways are useful tools to limit the amount of potentially dangerous content employees come into contact with. Email gateways will improve spam filtering and phishing identification. Web gateways will do the same, but with unsecured sites and dangerous links. Both solution types often come with file scanning features to prevent dangerous downloads from actually getting into the network.
Endpoint protection and antivirus solutions are increasingly providing ransomware protection capabilities. Antivirus products will improve the overall protection of endpoints and increase a user’s ability to discover threats. Endpoint management tools can help keep devices and applications safe by requiring updates and patching vulnerable components.
How to Remove Ransomware
Ransomware removal can be a little more complicated than general protection. Once the malicious program has infected a system, it can be difficult to inspect, locate and remove.
It will be easy to tell when ransomware is present, as a locked screen requesting payments won’t be very interactive. Fortunately, many devices such as PCs and smartphones possess a Safe Mode which runs a program to scan for and remove malware.
Other tools can increase your chances of a full recovery. Incident response solutions are helpful tools designed to help users remediate threats once they’ve been discovered. Some tools such as Demisto and Cybereason have features specifically for ransomware removal and inspection.
Security Information and Event Management (SIEM) solutions are suites designed to document tons of logs and improve response time and forensic analysis. Splunk and Trustwave, for example, are SIEM solutions with significant incident response capabilities.
Companies that don’t have on-hand staff to handle all of their security needs can always work with cybersecurity consulting and cybersecurity service providers. They range from consulting and implementation assistance to incident response and fully managed security services.
Free Ransomware Protection Software
These are a few selected products that offer free ransomware protection as either part of their central offering or a simple free download for general use.
G2 Crowd Star Rating: 4.2 out of 5
Bitdefender offers a range of cybersecurity solutions, including a completely free anti-ransomware tool. It defends against common forms of malware and is advertised as easy to use for non-security individuals.
The tool itself can be used to remedy existing ransomware infections and protect against new threats as they emerge. Additional features include behavior based detection and file modification prevention.
Vendor Quote: “Bitdefender Anti-Ransomware is a free security tool that offers next-gen protection against the CTB-Locker, Locky, Petya, and TeslaCrypt ransomware families by keeping your files safe from encryption in a simple and non-intrusive way.”
User Quote: “The ransomware protection and the different options that this program gives to you… The firewall and the other configurable options are awesome! Using this Gravity Zone about 2 years more or less, and still using. I don’t dislike anything.” — Bitdefender user review
G2 Crowd Star Rating: 4.8 out of 5
Cybereason’s flagship product is an endpoint security and incident response solution, but the company offers a free anti-ransomware solution called RansomFree. It detects ransomware, freezes activity and warns users of discovered threats.
Vendor Quote: “RansomFree protects against 99% of ransomware strains, including Bad Rabbit, NotPetya, and WannaCry”
User Quote: “Cybereason RansomFree is a great tool for preventing ransomware attacks and we installed this software in all our workstations and servers since WannaCry appeared. Cybereason RansomFree is an extra security layer we have now implemented.” — Cybereason user review
G2 Crowd Star Rating: 4.1 out of 5
Acronis provides an array of backup solutions that range from personal backup to enterprise-ready disaster recovery. Its free ransomware solution was released in early 2018. The tool blocks ransomware attacks and provides users with 5 GB of free cloud backup. Additional features include backup automation and file recovery tools.
Vendor Quote: “Ransomware attacks someone every 10 seconds. Don’t be a victim. Our free tool delivers proven, powerful protection from ransomware like Petya, WannaCry and Osiris, and it’s completely compatible with all leading anti-malware solutions.”
User Quote: “Easy to use and covers all the basic features. Rapid restore and user friendly. [I] mostly [use it] to ensure against user stupidity – accidental deletion, ransomware, etc.” — Acronis user review
Trend Micro Ransom Buster
Vendor: Trend Micro
G2 Crowd Star Rating: 4.0 out of 5
Categories: Endpoint Management
Trend Micro is a well-known security vendor and provides a free ransomware protection tool called Trend Micro Ransom Buster. It’s geared toward Windows devices and comes included in standard Trend Micro offerings. The tool provides automated backups and flexible access governance, and integrates with common applications such as Microsoft Office.
Vendor Quote: “Ransom Buster protects against all forms of ransomware and adds an additional layer of protection to your PC to safeguard your important files and treasured memories – even if you already have security software installed.”
User Quote: “I really like all the security features this product offers. From the ransomware protection, spyware, and other security protection to straight-out virus protection. Very in-depth management console with a wide variety of tools and information. Reporting is great and they have very good zero-day protection. Low overhead on the devices during scanning and daily operations.” — Trend Micro user review
G2 Crowd Star Rating: 4.5 out of 5
Malwarebytes is a Mac-focused security solution provider that serves both businesses and individual users. Its anti-ransomware offering provides multi-vector protection, blocks ransomware delivery and prevents ransomware execution.
Its business solutions are not free, but the antivirus solution is free for personal use. The ransomware add-on is free to try, after which it costs $39.99 per year; it supports Windows, Mac and Android devices.
Vendor Quote: “Ransomware poses a real risk to organizations like yours. One successful attack can halt your business operations and negatively impact your brand and customers. Malwarebytes Endpoint Protection proactively fights ransomware at every stage of the attack chain with a blend of signature and signature-less technologies.”
User Quote: “Malwarebytes works like a charm against ransomware that has become very common over the past few years. Attacks of this nature can lead to devastating consequences. So far it’s doing a well done job.” — Malwarebytes user review
While ransomware prevention is an important practice, it’s just one component of a fully protected cybersecurity ecosystem. No single solution will provide a silver bullet for the ever-evolving digital threat landscape.