New anti-ransomware tool: RansomFree stops malware processes when encryption attempts are detected

by Olivia Morelli - - 2016-12-22

Cybersecurity company called Cybereason recently released a revolutionary tool RansomFree,^[1] which can protect computers from ransomware attacks. RansomFree is compatible with Windows 7/8/10, Windows Server 2010 R2 as well as 2008 R2 computers, and can be used alongside antivirus, anti-malware or anti-spyware software. The tool uses a specific strategy and sets up baited traps for ransomware – numerous folders across the computer system that contain a bunch of dummy files. These fake folders have filenames that start with certain ASCII table symbols.^[2] Why? The idea of this strategy is to lure the ransomware to encrypt these folders first. Meanwhile, RansomFree watches the operating system, and as soon as changes to these dummy files are detected, it tracks down the process that corrupts files and quarantines it until it receives commands from the computer user. It displays a pop-up alert that asks the user whether RansomFree should allow the process to run or terminate it and remove the threat.

RansomFree project joins the fight against ransomware

RansomFree currently can stop the top-notch ransomware viruses^[3] such as Locky, Cerber, CryptoWall, Jigsaw, and many others. The disadvantage of RansomFree is that it might still allow viruses to encrypt some files until the infection reaches the dummy files. However, it goes without saying that it is better to lose a few files than all of them. However, to prevent the agony of data loss, users should backup their files regularly.^[4] Speaking of downsides, we can say that RansomFree might fail to stop viruses that approach data using different tactics. Some researchers say that SamSam and other ransomware can easily encrypt most important files without stepping on the dummy records set by this tool.^[5] However, this tool is brand new, and developers of this tool will surely improve it over time – they promise that “RansomFree will evolve as ransomware evolves.” Some users have already expressed their opinions about the tool and suggested improvements that would allow every user customize the tool settings so that it would report programs that make modifications to indicated files, for example, images or documents. In our opinion, this tool is promising, and it is unquestionably a step forward in the never-ending fight against ransomware.

About the author

Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at 2-Spyware.com. She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.

Contact Olivia Morelli
About the company Esolutions

References

^ Official site of RansomFree. Cybereason.
^ ASCII. Wikipedia, the free encyclopedia.
^ Ransomware. Microsoft. Malware Protection Center.
^ How to stop ransomware: Backup can protect you, but only if you do it right. PCWorld - News, tips and reviews from the experts on PCs, Windows, and more.
^ Server-side Ransomware SAMSAM Hits Healthcare Industry. Trend Micro USA. Security News.

Read in other languages

• Nederlands
• Polski
• Deutsch
• Français
• Italiana
• Dansk
• Español
• Türkçe
• Svenska
• Suomen
• Norsk
• ελληνικά
• Magyar
• 官话
• Hrvatski
• 日本語
• Română
• Български
• Eestlane
• Latvietis