Suppliers have spent 2020 strengthening their ability to quarantine, detect and remediate ransomware, delivering protection from active directory and workgroups to servers and critical systems. Some suppliers focused heavily on the front-end, scanning workgroups to identify threats and categorizing files and processes at the point of execution to determine if they’re good or bad.
From a detection standpoint, companies have doubled down on their ability to recognize telltale indications of ransomware in software and stop threats without IOC signatures. And on the back-end, vendors have focused on blocking the execution of rogueware before the system is infected and preventing malicious applications from running on servers and critical systems.
Three of the hottest ransomware protection tools of 2019 came from European companies, three came from companies based in the Northeastern United States, three came from companies located in the Western United States, and one came from a supplier in the Southern United States. Read on to learn where suppliers are investing in hopes of keeping ransomware at bay.
AVG AntiVirus FREE
AVG AntiVirus FREE stops ransomware and many other types of threats before they have a chance to infect a user’s device and damage their files. The anti-ransomware software is fast, light, easy to use and 100 percent free, according to AVG.
AVG said its cutting-edge free ransomware scanner detects and blocks ransomware before it takes over user files. The software provides around-the-clock protection with automatic anti-ransomware updates to address new strains of ransomware, AVG said.
AVG AntiVirus FREE goes beyond ransomware to provide protection against all types of malware as well as malicious links, attachments and emails. Plus AVG AntiVirus FREE for Mac can detect and remove Mac-specific viruses and spyware to protect all of a user’s important files.
Avira Free Antivirus
Avira Free Antivirus’ premium anti-ransomware technology can detect behavioral clues and stop even unknown mutations before they attack. Users can rest assured that their files won’t be altered, encrypted or deleted, according to Avira.
Avira said its real-time antivirus protection blocks all types of malicious software including viruses, Trojans, worms, viruses and ransomware. The tool also blocks infected attachments as well as fake or malicious websites so that users aren’t even tempted to click on them, according to Avira.
Avira said it blocks more than eight million phishing attempts and 1.4 million ransomware attacks every month. Avira’s software is made in Germany and backed by 30 years of expertise in protecting the digital world, according to the company.
Comodo Forensic Analysis
The Comodo Forensic Analysis Scanning Tool is designed for large-scale use with several scanning modes to help an IT or network security team identify threats for trojan virus removal. The tool provides highly contextual information for trojan virus removal with a post-scanning report that shows files classified as safe, malicious, or unknown, according to Comodo.
The Comodo Forensic Analysis tool has an active directory scanning mode to scan all the computers in a domain, as well as a workgroup scanning mode that can scan by network addresses. Comodo said its Forensic Analysis tool also has a local computer scanning mode for every single computer in the network.
When Comodo Forensic Analysis tags a file as unknown, the company said it uploads the file to Comodo’s Valkyrie servers. The Valkyrie service aids in trojan virus removal by running these files through a battery of tests that are meant to coax out the behaviors of these files, according to Comodo. This is helpful since roughly 60 percent of ransomware resides in the unknown category, Comodo said.
Digital Guardian For Ransomware Protection
Digital Guardian stops ransomware and other external threats by automatically detecting and blocking advanced threats across the entire attack lifecycle. The company said its threat detection and response capabilities successfully detected and contained the WannaCry attack for all its advanced threat protection customers.
The company said it starts blocking at the attack’s initial entrance vector and keeps blocking across the entire attack lifecycle including exploit installation and execution as well as the command and control phase. Gaining visibility into system, user and data events with one technology provides users with the necessary context to enable faster and more accurate determination of the attack and its motivation.
Digital Guardian said its analytics and reporting cloud quickly filters through potential anomalies and only triggers alarms for the high-fidelity events that warrant additional investigation. The company said its behavior-based rules can automatically detect and block multiple sources of attacks including ransomware as well as stop threats even if there are no IOC signatures.
MalwareFox’s anti-ransomware tool protects against existing and emerging ransomware attacks and can block the execution of rogueware before the system is even infected. The tool runs alongside any security program, is compatible with almost all anti-virus software, and can protect from existing as well as emerging ransomware threats.
The company said its anti-ransomware tool utilizes low system resources and runs light on the computer system. The tool’s inbuilt ransomware protection module provides an additional layer of security against advanced ransomware threats, according to MalwareFox.
There have been many variants of ransomware active since 2017 causing millions in losses and wreaking havoc on companies, hospitals and individuals, MalwareFox said. The key to protecting a computer system against ransomware attacks is having reliable security layers in place, according to MalwareFox.
McAfee Ransomware Interceptor
McAfee Ransomware Interceptor is an early detection tool that prevents file encryption attempts by ransomware malware. The tool leverages heuristics and machine learning to identify such malware, according to McAfee.
Ransomware Interceptor allows users to add files to a whitelist, which allows them to disable monitoring of specific files and processes. But once a file is whitelisted, McAfee said it can’t be removed from the whitelist, and the company advises using this feature cautiously due to cases of misdetection. Interceptor is usually smart enough to automatically identify clean processes, McAfee said.
McAfee Ransomware Interceptor is meant to block encryption attempts only and has limited cleaning capabilities. However, in the case of WannaCry, McAfee said Ransomware Interceptor can detect and disable malicious services on the system provided a detection happens.
Norton 360 helps protect users against ransomware attacks by warning them about malicious links and attachments and helping them back up files so they can restore them if their computer gets locked by ransomware.
Norton said its security technology is powered by artificial intelligence and machine learning, and that the company’s team monitors online threats across the globe to help protect devices. Norton said its protection technology includes multiple defenses to protect devices against viruses, malware, spyware and ransomware.
Norton360 offers 10 gigabytes of automatic, secure Cloud Backup for PCs to store and protect important files and documents against hard drive failures, stolen devices and even ransomware. Meanwhile, Norton 360 With LifeLock Select can help detect and protect against threats to a user’s identity and devices, including their mobile phones.
Sophos Home Premium
Sophos Home Premium uses advanced artificial intelligence to track program behavior and recognizes when software on a user’s computer is engaging in telltale ransomware indications. It stops malware by leveraging the vast, continuously updated SophosLabs database of threats in addition to leveraging real-time behavioral detection technologies, according to Sophos.
Sophos offers home computer protection from ransomware at the same level of security that protects more than 300 million corporate devices worldwide and can even spot and block ransomware that nobody’s ever seen before. The tool can stop ransomware on both Windows and Mac home computers, according to Sophos.
Sophos Home Premium offers scan on demand to block potential ransomware that doesn’t show with the default scans included on a user’s computer. The tool makes it easy to choose and block categories per device, minimizing security holes on home computers.
VMware Carbon Black For Ransomware Protection
Businesses can protect themselves against ransomware with VMware Carbon Black’s next-generation antivirus and behavioral endpoint detection and response (EDR) offering. Advanced prevention stops current and future ransomware variants by monitoring streams of events related to a ransomware outbreak, VMware Carbon Black said.
VMware Carbon Black said it’s able to lure all types of ransomware into a trap, even unknown and file-less varieties, to spot it and stop it before it attacks critical files and shares. Application control is the most effective way to prevent all forms of ransomware from running on servers and critical systems, according to VMware Carbon Black.
VMware Carbon Black App Control can stop malware, ransomware, zero-day and non-malware attacks, the company said. It also prevents unauthorized changes with file-integrity monitoring, device control and memory protection, VMware Carbon Black said.
Webroot SecureAnywhere Antivirus
Webroot SecureAnywhere protects all users against WannaCry and other forms of ransomware by using software that can block phishing sites and other malicious online destinations. Webroot said it has built up a strong reputation for stopping crypto-ransomware and was the first antivirus and antimalware vendor to move completely away from the standard signature-based file detection method.
By harnessing the power of cloud computing, Webroot said it was able to replace traditional reactive antivirus with a proactive real-time endpoint monitoring and threat intelligence approach. This model has enabled Webroot to accurately categorize existing, modified, and brand-new executable files and processes at the point of execution to determine their known good, bad, or undetermined status.
Uproach, Webroot said it rapidly identifies and blocks many more infections than the normal antivirus signature approach and is highly proficient at detecting and stopping crypto-ransomware. This approach has continuously proven its efficacy at stopping crypto malware in real time by addressing threats the moment they attempt to infect a device, stopping the encryption process before it starts.