Malwarebytes Anti-Ransomware Beta
Most likely, your antivirus utility does a great job keeping your computer safe from malware. There are always exceptions, and sometimes a new virus or Trojan can get through the protection. An antivirus update will usually resolve the problem quickly. If the malware was encrypting ransomware, however, it’s a serious problem. Although the antivirus software can be updated to remove the malicious program, it will not undo the damage. Your files are still encrypted and inaccessible. Malwarebytes Anti-Ransomware Beta is designed to save you from this pain by catching ransomware that your antivirus missed.
Do not be put off by the word “beta” in the name. This product is currently in beta testing and receives the latest Malwarebytes ransomware-fighting technology. Once any rough edges have been smoothed, the company transfers the technology into Malwarebytes Anti-Ransomware for Business. This suits IT teams who prefer slightly older tech over the most recent.
You also get ransomware protection as part of Malwarebytes 3.0 Premium, the company’s full-scale antivirus replacement. This standalone ransomware protection product can be used alongside your main antivirus to catch any malware that the antivirus does not detect.
Ransomware Protection Styles
Security products can implement ransomware prevention in a variety of ways. One method is to restrict access to certain files or locations. Known good programs, such as Office and Windows components, get the green light. The security product alerts the user if an unknown app attempts that access. If the unknown app is a new document editor, the user can whitelist it with one click; if it is ransomware, another click will send it to quarantine.
Certain products only prevent the modification of protected files. Others, such as IObit Malware Fighter 5 Pro and Panda Internet Security, prevent unauthorized access to protected files. This protection also keeps data-stealing Trojans from stealing your private data.
Ransomware might subvert whitelisted programs or find a way around access restrictions. A product that can detect ransomware by its behavior might still be able to stop the attack. Malwarebytes Anti-Ransomware does exactly that. Cybereason RansomFree follows a similar approach.
Ransomware-specific protection layers can be found in many standard antivirus products. Trend Micro and Bitdefender include this component. Malware detection in Webroot SecureAnywhere AntiVirus is behavior-based. Its journaling and rollback system for unknown programs can reverse ransomware attacks. However, the company warns that there is limited space for rollback and journaling.
Getting Started With Malwarebytes
Malwarebytes Anti-Ransomware is a small, lightweight program that can be installed in just a few minutes. The main window is simple and has only three tabs: Dashboard, Quarantine, and Exclusions. The dashboard confirms that protection has been activated and provides a link to turn it off or on. Unless the product has stopped a ransomware attack, you won’t find anything in quarantine.
Why would you want to exclude a file? This is a beta product, and legitimate encryption products might be caught in its net. You can rescue the false positive from quarantine and add it to the exclusions.
Ransomware protection is difficult to test. Malicious programs can sometimes detect signs of testing and then go quiet. If you aren’t careful with ransomware samples from the real world, they could escape their virtual prison and cause real damage.
Products like Panda Internet Security, which restrict access to files, are easy to test. I can easily test this type of protection using small test programs.
Sometimes, however, I have to resort to real ransomware to test behavior-based protection. I am still developing my ransomware testing. I currently have three real-world threats, which I collected from dangerous websites. Malwarebytes performed well in my hands-on test.
The first ransomware sample is moody. It often runs in the background and does not do anything. Malwarebytes is given a pass on this one because the sample doesn’t exhibit any behavior. Behavior-based detection cannot be done without behavior.
Malwarebytes spotted the second one and quarantined it. It then requested a reboot to complete its cleanup. After the reboot, I noticed that the ransomware had encrypted several files during Malwarebytes’ behavior analysis. This seems to be a natural result of behavior-based detection. There is no detection if ransomware behavior is not present. A Malwarebytes contact said that they are “really close to solving this.”
Malwarebytes also caught the third sample. After rebooting, I was tempted to think that the ransomware was still in operation. It displayed its ransom demand in several formats, including a text file and an HTML document. The ransomware had simply placed those files in the startup folder so that they would open at startup. The malware application itself was not found. Again, the malware encrypted multiple files before the protection stopped it.
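Why a behavior-based detector loses a few files before it reacts, as an added illustration that is not Malwarebytes' code or algorithm. The entropy heuristic, the thresholds, the process names and the event stream are all assumptions constructed for this example; random bytes stand in for ciphertext.

```python
import math
import random
from collections import Counter, deque

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "looks encrypted"
WINDOW = 5               # assumed: recent writes examined per process
TRIGGER = 3              # assumed: suspicious writes in the window that raise an alert

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect(events, exclusions=()):
    """Return (flagged_process, files_it_rewrote_before_the_alert) or (None, [])."""
    recent, rewritten = {}, {}
    for proc, path, before, after in events:
        if proc in exclusions:
            continue
        # Suspicious: low-entropy content overwritten with high-entropy content.
        suspicious = (shannon_entropy(before) < ENTROPY_THRESHOLD
                      <= shannon_entropy(after))
        recent.setdefault(proc, deque(maxlen=WINDOW)).append(suspicious)
        if suspicious:
            rewritten.setdefault(proc, []).append(path)
        if sum(recent[proc]) >= TRIGGER:
            return proc, rewritten[proc]
    return None, []

def sample_events():
    """Constructed event stream: (process, path, bytes before, bytes after)."""
    rng = random.Random(1)
    text = b"Quarterly report draft. " * 200
    blob = lambda: bytes(rng.getrandbits(8) for _ in range(4096))
    return [
        ("editor.exe", "notes.txt", text, text + b"One more line. "),
        ("unknown.exe", "a.docx", text, blob()),
        ("archiver.exe", "backup.zip", b"", blob()),
        ("unknown.exe", "b.xlsx", text, blob()),
        ("unknown.exe", "c.txt", text, blob()),
        ("unknown.exe", "d.txt", text, blob()),
    ]

if __name__ == "__main__":
    proc, lost = detect(sample_events())
    print(f"flagged {proc} after it rewrote {len(lost)} files: {lost}")
```

The alert cannot fire until enough suspicious writes have been observed, so the files rewritten up to that point are already lost; lowering TRIGGER shrinks that loss but makes a single legitimate archive or encryption write more likely to be flagged.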
Actual ransomware is the only reliable way to test behavior-based ransomware detection. A simulation that exactly replicated the behavior of an encrypting ransomware threat would itself be considered malware. But this is not a reason to abandon testing with simulated ransomware.
RanSim is a ransomware protection tool that KnowBe4, a security company, released for free. It can run modules that implement ten commonly used encrypting ransomware methods, along with two similar but harmless ones. The best product should be able to block all ransomware techniques while leaving innocent ones alone.
The active ransomware protection in Acronis True Image 2017 New Generation blocked all but one simulated attack when I tested it. A full backup is great for recovering from malware attacks.
RansomFree detected no simulated attacks. The program’s developers pointed out that the simulated attack only affects files several levels below the Documents folder. This is not the case in real-world ransomware.
Malwarebytes actively defended against eight of the simulated attacks but failed to stop two. Due to the difficulties in using simulated ransomware, I consider it a plus that a product detects RanSim modules. However, I view a RanSim failure not as a negative but as uninformative.