anti virus software protecting against ransom ware

rgb192
What is a good anti virus software

Something that may combat ransomware
on windows 10
yo_bee, Director of Information Technology
Commented:
Is this for a single computer or network of them?  

The best and cheapest protection is a solid regular backup of your system. Windows 10 has built in backup utilities.
DP230, Network Administrator
Commented:
We use Kaspersky Endpoint Security and still survive after a few ransomware attacks.

But in my opinion, you should install Nessus and periodically scan the system, even PCs in subnets. Last time, we found MS17-010 and patched it before the WannaCry wave, so we were safe!
btan, Exec Consultant
Distinguished Expert 2018
Commented:
Unlikely you are looking at antivirus. You need an endpoint protection and a good backup solution.

Malwarebytes anti-ransomware and its suite of anti-malware and anti-exploit.

In fact Windows Defender Advanced Threat Protection is paced to defend against ransomware.
https://www.google.com.sg/amp/s/blogs.windows.com/business/2016/11/11/defending-against-ransomware-with-windows-10-anniversary-update/amp/

I have listed in the FAQ a list of measures which can be handy.
https://www.experts-exchange.com/articles/28059/TL-DR-Ransomware-Infected.html
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
In my opinion, anti virus is after the fact protection for ransomware.

Ransomware is spread mostly (90%) by emails. Do not open emails from strangers and implement top notch spam filtering.

I do not get any spam (mail.com) and guess what? No ransomware attacks.
Dr. Klahn, Principal Software Engineer
Commented:
I agree with the two preceding comments.  The only prophylaxis against ransomware is frequent full (not incremental) backups, stored offline on an external device that is only connected to the computer when a backup is being made.

At present there are several antivirus products claiming that "Our antivirus will catch ransomware after it has encrypted only X files!"  I don't regard that as a sane approach to the problem.  First, the antivirus let the ransomware run; then second, it let it encrypt multiple files before stopping it.  This is like a security service saying "We stop burglars after they have stolen only $5,000 of your possessions!"

Ransomware is becoming more and more ingenious about locating network shares, NAS, SAN and cloud backups.  Anything it finds, it will encrypt.  The only safe solution is one where the ransomware can't access the backup at all.
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
I always forget to say "Back up your files". I am amazed when people have disasters, and I say recover from your backups, they say "What is a backup?"
yo_bee, Director of Information Technology
Commented:
I agree education is the best form of protection, but it only takes a single user. Not all engineered ransomware comes from people you do not know.  A solid engineered email will make you think you are responding to an email sent from someone you know, so an endpoint protection is a must in a network.  Not sure how it is an afterthought. All solid EP's will detect known ransomware signatures.

If it does come down to it that it was not detected your only option is to go back to a solid backup.
John, Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018
Commented:
A solid engineered email will make you think you are responding to an email sent from someone you know, so an endpoint protection is a must

I agree with that, but I think spam control comes first.

I am always amazed at mail.com.

Mail from Fred Jones  "sensible paragraph of email text" in my Inbox

Mail from the very same Fred Jones (same email address)  "see this "special offer.cz"  . Gone to my spam folder.
yo_bee, Director of Information Technology
Commented:
These are all important pieces to having the steps of prevention, and if you are not doing all the recommended suggestions you are making yourself and your network vulnerable to these attacks.
Principal Software Engineer
Commented:
yo_bee said:

All solid EP's will detect known ransomware signatures.

Indeed.  But it's not the known ones that are critical; it's the ones where Day Zero is still in effect and no signatures yet exist.  No reliable protection measures can exist against those.
Top Expert 2016
Commented:
Ransomware authors are customizing each attack campaign, and sometimes within the campaign itself, so signature-based AV doesn't get enough bad hits in order to create the signature, therefore negating ANY AV product. We are left with looking for behavior, i.e. large numbers of files modified in a short period of time.

All you can do is keep your machine up to date with patches. Unless you are absolutely sure who the sender is, don't open email attachments. I recently received a few PDFs in the email from "FEDEX" but the sender was noreply@fedex-missisauga.pl .. I immediately deleted these
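The behavior signal named in the comment above (many files modified in a short time) can be sketched as a sliding-window count of distinct files per process. This is an added example, not code from the thread or from any product mentioned in it; the event format, process names, window and threshold are constructed assumptions.

```python
from collections import defaultdict, deque


def build_sample_events():
    """Constructed events: (epoch seconds, process name, file path).
    A real deployment would read these from file-audit or EDR telemetry."""
    events = []
    # Normal editing: 5 saves spread over several minutes.
    for i in range(5):
        events.append((1000 + i * 60, "winword.exe", f"C:/Users/a/Docs/report{i}.docx"))
    # Burst: 40 distinct files rewritten by one process within 20 seconds.
    for i in range(40):
        events.append((1100 + i * 0.5, "updater.exe", f"C:/Users/a/Docs/file{i}.xlsx"))
    # Many writes to one file (a log) must not count as a burst.
    for i in range(100):
        events.append((1200 + i * 0.1, "backup.exe", "C:/Logs/backup.log"))
    return sorted(events)


def detect_bursts(events, window=30.0, threshold=25):
    """Return {process: first alert time} for every process that modified
    at least `threshold` distinct files within `window` seconds."""
    recent = defaultdict(deque)                       # process -> (time, path) in window
    counts = defaultdict(lambda: defaultdict(int))    # process -> path -> hits in window
    alerts = {}
    for ts, proc, path in events:
        queue, seen = recent[proc], counts[proc]
        queue.append((ts, path))
        seen[path] += 1
        # Drop events that have fallen out of the sliding window.
        while queue and ts - queue[0][0] > window:
            _, old_path = queue.popleft()
            seen[old_path] -= 1
            if seen[old_path] == 0:
                del seen[old_path]
        # Distinct paths, not raw write count, drive the alert.
        if len(seen) >= threshold and proc not in alerts:
            alerts[proc] = ts
    return alerts


if __name__ == "__main__":
    for proc, ts in detect_bursts(build_sample_events()).items():
        print(f"ALERT {proc}: burst of distinct file modifications at t={ts}")
```

Counting distinct paths rather than raw writes keeps a busy log writer from alerting, and the threshold has to be tuned against legitimate bulk operations such as sync clients or backups.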
Top Expert 2013
Commented:
you asked "What is a good anti virus software"  there is none - YOU are the best expert to combat them, as you can see from the posts above.
If YOU do not do the necessary, and use some precautions - you'll ALWAYS be vulnerable
if you ask most experts here - they have little or no problems with  malwares
Distinguished Expert 2018
Commented:
There are a number of things you should be looking at, many of which have already been mentioned. However, in case you haven't thought about these: policies enforcing secure passwords that change on a regular basis, multifactor authentication (especially for remote access) is ideal, regularly reviewing firewall rules, and minimizing the number of systems that are remotely accessible.

Long story short, there is no silver bullet solution.
yo_bee, Director of Information Technology
Commented:
I currently have multiple pieces of security appliances in my infrastructure.  I use a product/service called eSentire.  This product is monitoring all in and out traffic on both the external and internal side of the firewall.  If it sees traffic going to a known malicious IP or a non-signature it will sever the TCP packet right there and alert me of the computer that made the attempt.  If I do not respond I have a secondary device that will take the computer off-line.

It is not 100%, but it is another layer on top of my Spam filter, EP, regular patching.
btan, Exec Consultant
Distinguished Expert 2018
Commented:
I thought I'd like to share that besides preventive and detective measures, the incident response plan is very critical, as it should spell out the playbook to handle those incidents, and we should expect incidents to happen; you can bet on it, especially when you are not tracking your assets closely on their patch compliance.  Handling a ransomware incident can be straightforward, as in just shut down the machine and report to the authority as you recover data to a new machine with your changed credentials. But it is not that simple; typically the responder will advise the victim to take a snapshot of the ransom note (for later identification of the threat) in case it is not shown because the machine is unbootable after shutdown, and even to forensically dump memory (hoping to recover encryption keys, but that is non-trivial as the key may differ for each document). So make sure the IT and Security teams sync up and talk to each other. Importantly, do not pay the ransom.

Another area worth exploring is deception technology. It sets up decoys to lure the exploit into dumping the ransomware on them and keeps it contained and busy within the fake "honeyed" machine. There are also schemes which provide cryptotraps that keep the ransomware always in recursive loops and stop it from mass spreading, like the case of WannaCry, which spread based on SMB channels, and there are some that spread via RDP. Still, keep the hygiene checks updated regularly besides beefing up the defence layers and controls - application whitelisting is important too.
It would help users tremendously if mail clients would stop hiding the sender source.  I don't remember exactly when mail clients started hiding the source of email, because that's when I started making all my mail clients show the full headers to help keep track of headers to avoid getting phished.  Users usually will complain about spam and I'd always have to ask for the full headers, because I wouldn't know what to block when the email only shows  "Received from: Fred Smith" when they forward it to me.  Many of them invariably delete the mail before they can forward it to me.

They click on mail because it came from "Fred Smith" in accounting, rather than showing the full header of "Fred.Smith <john.jones@cybercity.cz>"  to make it easier to spot the fake.  The phishers can craft mail to look just like it came from internal sources.  Stupid marketing minded people want their email to look "pretty" and clean, so they started changing mail clients to cater to aesthetics instead of functionality.

Rather than showing noreply@experts-exchange.com, mail clients show "Question comment on Experts Exchange" in Outlook.  You have to carefully hover over the sender link to see the actual email address.  Just show people the full "Question comment on Experts Exchange <noreply@experts-exchange.com>"  Outlook is the biggest culprit in assisting spammers to hide and falsify email for phishing expeditions to the non-technical users.


I am always amazed at mail.com.
That's just your bias from your environment, based on your locations.  I've seen places where gmail is the most prevalent spammer source.  I've also seen places where yahoo is the most prevalent source.  There are plenty of others. It varies depending on which coast and which country you're in.  The spammers use all sources.  You may just happen to get more from mail.com based on your environment.
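The display-name problem described in the comment above can be checked mechanically: parse the From: header, always show the real address, and flag a protected name used from an unexpected domain. This is an added example, not code from the thread; the header strings are constructed from the senders quoted on this page, and the name-to-domain table (including `example.com` as a stand-in for the organisation's own domain) is an assumption.

```python
from email.utils import parseaddr

# Assumption: display names worth protecting and the only domains allowed to
# use them. "example.com" stands in for the organisation's own mail domain.
EXPECTED_DOMAINS = {
    "fred smith": {"example.com"},
    "fedex": {"fedex.com"},
    "experts exchange": {"experts-exchange.com"},
}


def check_sender(from_header):
    """Return (full_sender, findings) for one From: header value."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    # "Fred.Smith" and "Fred Smith" should match the same protected name.
    normalized = " ".join(name.replace(".", " ").lower().split())
    findings = []
    if not addr:
        findings.append("no parsable sender address")
    for protected, domains in EXPECTED_DOMAINS.items():
        if protected in normalized and domain not in domains:
            findings.append(f"'{protected}' claimed by unexpected domain {domain}")
    # Always render the real address next to the display name.
    full = f"{name} <{addr}>" if name else addr
    return full, findings


# Constructed From: headers built from the senders quoted in the thread.
SAMPLES = [
    "Fred.Smith <john.jones@cybercity.cz>",
    '"FEDEX" <noreply@fedex-missisauga.pl>',
    "Question comment on Experts Exchange <noreply@experts-exchange.com>",
    "Fred Smith <fred.smith@example.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        full, findings = check_sender(header)
        print(("FLAG " if findings else "ok   ") + full, findings)
```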
Josh Petraglia, Digital Care Coordinator
Commented:
Webroot has been highly effective at protecting users against Ransomware.
I highly encourage you to read this discussion to learn more.

If you'd like more information on how our Product works to detect these types of threats, please feel free to reach out to me directly for more information.
E ATech Lead
Commented:
Here are a few of the best anti-ransomware software products that you can check:

Kaspersky Internet Security
HitmanPro.Alert
Malwarebytes 3
Zemana Antimalware
Trend Micro Internet Security
Bitdefender Internet Security 2017

Get the details: https://beebom.com/best-anti-ransomware-software/

Stay safe and don’t forget the best protection is always a backup! To protect yourself: http://expert-advice.org/2017/07/ways-to-protect-yourself-from-ransomware-attack/

Hope this helps!

Author

Commented:
thanks for information and telling me about scope
