anti ransomware

Amin El-Zein
Hello,
Is there any open source or free anti-ransomware for Windows Server and Windows 10, 8, 7?
Thanks.
btan
Exec Consultant
Distinguished Expert 2018

Commented:
You can take a look at the Malwarebytes suite. But it takes more than one piece of software to address the exposure. Consider application whitelisting to allow only authorised software to run, and do not let users have any administrative rights. Proper backup is critical, as is storing backups offline for recovery later when needed.

https://www.malwarebytes.com/pricing/business/

Another is Intercept X from Sophos, for client and server.

https://www.sophos.com/en-us/products/server-security.aspx
Paul MacDonald
Director, Information Systems

Commented:
If you're looking to remediate ransomware, the solution will depend on the ransomware.

If you're looking to prevent ransomware, use any good anti-virus/anti-malware product and don't click on anything you aren't positive is safe.
Andrew Leniart
IT Professional | Freelance Journalist | Looking for Opportunities
Distinguished Expert 2018

Commented:
Hi Amin,

There is a selection of free Anti-Ransomware tools that have been reviewed in the following article on Techradar you can take a look at.

The best free anti-ransomware software 2019

Everything reviewed in the above article will work on Windows 7, 8 and 10. I personally use the Malwarebytes Premium and Acronis True Image anti-ransomware modules, which I have active all the time, but neither is free. I tested the Acronis Active Protection module in a Windows 10 VM by purposely trying to infect my VM with ransomware from sites I found on the dark web, and it did work by blocking encryption attempts. It uses artificial intelligence to monitor behavior. The module comes with Acronis True Image 2019 and some of their other backup solutions.

I think you'll be struggling to find any "free" anti-ransomware protection tools for Servers though. Servers are business products so rarely have free protection available for them.

Hope that's helpful.

Regards, Andrew
John
Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Installing a top notch Spam Filter is the most important thing you can do. This keeps ransomware out. Good Spam filters are NOT free, but much cheaper than recovering from backups.

Make sure you have good offline and offsite backups.

Make sure users are trained to delete emails from strangers.
Distinguished Expert 2018

Commented:
Windows 8 and Windows 7, as well as Server 2008-2016, will need to rely on third-party software.
Windows 10, starting with build 1709, as well as Server 2019, have anti-ransomware protection built in with Windows Defender, but it is disabled by default. https://www.windowscentral.com/how-enable-controlled-folder-access-windows-10-fall-creators-update tells you how to activate it.
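
Controlled folder access can also be switched on from an elevated PowerShell session with the Defender cmdlets. The script below is an added example, not part of the comment above or of the linked article; the folder and application paths are placeholders.

```powershell
# Added example. Run elevated on Windows 10 1709+ or Server 2019 with
# Windows Defender as the active antivirus. Both paths are placeholders.
param(
    [string]$ProtectedFolder = 'D:\Shares\Finance',
    [string]$AllowedApp      = 'C:\Program Files\ExampleBackup\agent.exe',
    [switch]$Enforce          # omit for audit mode (log only, block nothing)
)

# Audit mode first: writes by untrusted apps are logged but still succeed,
# so legitimate software that needs allowing shows up before anything breaks.
$mode = if ($Enforce) { 'Enabled' } else { 'AuditMode' }
Set-MpPreference -EnableControlledFolderAccess $mode

# Protect a folder beyond the default user-profile folders, and allow one
# trusted application to write to protected folders.
Add-MpPreference -ControlledFolderAccessProtectedFolders $ProtectedFolder
Add-MpPreference -ControlledFolderAccessAllowedApplications $AllowedApp

# Show the resulting state (0 = disabled, 1 = enabled, 2 = audit mode).
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications

# Review recent hits: event 1124 = audited write, 1123 = blocked write.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Run it without `-Enforce` for a week or so, add any legitimate applications that appear in the 1124 events to the allowed list, then run it again with `-Enforce`.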
Shaun Vermaak
Technical Specialist
Awarded 2017
Distinguished Expert 2018

Commented:
No spam filter will block a well-crafted spear phishing attack (part of my security auditing role)
No antivirus will block a properly packed ransomware binary (I have written a few POC ones)

Ensure users are not over-permissioned on their own computers and on network resources, and have a mechanism to whitelist processes that are allowed to write to common user storage folders.

As per the comment above, Windows Defender provides such functionality; I am also a fan of Bitdefender's safe-folders.

On servers, you can do mass-change detection and known-to-unknown file detection. I have such a tool and will share it when I get a chance.
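
One way to implement the mass-change and known-to-unknown checks described above on a file server, as an added example: this is not the tool mentioned in the comment, and the function names, paths and thresholds are assumptions.

```powershell
# Added example, not the tool mentioned above. Paths and thresholds are
# assumptions; tune them to the normal churn of the share.
function Get-FileBaseline {
    param([Parameter(Mandatory)][string]$Root)
    Get-ChildItem -LiteralPath $Root -File -Recurse -ErrorAction SilentlyContinue |
        Select-Object FullName, Extension, LastWriteTimeUtc
}

function Compare-FileBaseline {
    param(
        [object[]]$Baseline = @(),   # earlier Get-FileBaseline output
        [object[]]$Current  = @(),   # fresh Get-FileBaseline output
        [int]$WindowMinutes = 10,
        [double]$ChangeRatio = 0.20  # alert if 20% of files changed in the window
    )
    $knownExt = @{}; $currentPaths = @{}; $missing = @{}
    foreach ($f in $Baseline) { $knownExt[$f.Extension] = $true }
    foreach ($f in $Current)  { $currentPaths[$f.FullName] = $true }
    foreach ($f in $Baseline) {
        if (-not $currentPaths.ContainsKey($f.FullName)) { $missing[$f.FullName] = $true }
    }
    # Known -> unknown: a baseline file has vanished and "<old name>.<new ext>"
    # has appeared, where <new ext> was never seen in the baseline.
    $renamed = @(foreach ($f in $Current) {
        if ($f.Extension -eq '' -or $knownExt.ContainsKey($f.Extension)) { continue }
        $stem = $f.FullName.Substring(0, $f.FullName.Length - $f.Extension.Length)
        if ($missing.ContainsKey($stem)) { $f.FullName }
    })
    # Mass change: share of files written inside the recent time window.
    $cutoff = (Get-Date).ToUniversalTime().AddMinutes(-$WindowMinutes)
    $recent = @($Current | Where-Object { $_.LastWriteTimeUtc -ge $cutoff }).Count
    $ratio  = if ($Current.Count) { $recent / $Current.Count } else { 0 }
    [pscustomobject]@{
        Files            = $Current.Count
        RecentlyModified = $recent
        RenamedToUnknown = $renamed
        Alert            = ($ratio -ge $ChangeRatio) -or ($renamed.Count -gt 0)
    }
}

# Usage (constructed paths): baseline while the share is known-good, then
# compare on a schedule and alert when .Alert is true.
#   Get-FileBaseline -Root 'D:\Shares' | Export-Clixml 'C:\Baselines\shares.xml'
#   Compare-FileBaseline -Baseline (Import-Clixml 'C:\Baselines\shares.xml') `
#       -Current (Get-FileBaseline -Root 'D:\Shares')
```

Keep the baseline file somewhere the monitored accounts cannot write, otherwise the same process that encrypts the share can overwrite the reference.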
John
Business Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
No spam filter will block a well-crafted spear phishing attack.   <--- Really good ones, however, will catch most (over 95% in my experience here with Clients on Hosted Exchange and my own email ISP). I see the occasional one (that I can recognize by eye, as can my clients). So it is one of the key things I recommend and implement.
Shaun Vermaak
Technical Specialist
Awarded 2017
Distinguished Expert 2018

Commented:
95% of all statistics are made-up. You will not know how many you miss, and you might not have been targeted by a motivated individual; you are just blocking random, script-kiddie mails.
Dr. Klahn
Principal Software Engineer

Commented:
The best defense against ransomware is daily full (not incremental) backups.

Once that is in place, then look at the malware preventers.  None of them are perfect and Day Zero always occurs when something new comes out.  Therefore full backups must be in place first.
Bagaudin Satuev
Global Community Evangelist

Commented:
Hi Amin,

You can obtain free Acronis Ransomware Protection solution from here - https://www.acronis.com/en-us/personal/free-data-protection/

Let me know if you have any questions.

Author

Commented:
Acronis is not working on Windows Server.

Author

Commented:
Hi Shaun,
Could you please post the scripts?
Thanks.
Bagaudin Satuev
Global Community Evangelist

Commented:
acronis not working on windows server

It works, but it's not free. For Windows Server you will need either Acronis Backup 12.5 for Windows Server or Acronis Backup Cloud – Server (Per Device)

Author

Commented:
I want a free or open source solution.
Andrew Leniart
IT Professional | Freelance Journalist | Looking for Opportunities
Distinguished Expert 2018

Commented:
Hi Amin,

acronis not working on windows server

As I mentioned in my previous comment, servers are business products mostly used in commercial environments, so you won't find "free" ransomware protection for servers from any provider. The Acronis free solution should work on your Windows 7, 8, and 10 workstations though. It's only just been released as a free product apparently.

Hope that's helpful.

Regards, Andrew
Andrew Leniart
IT Professional | Freelance Journalist | Looking for Opportunities
Distinguished Expert 2018

Commented:
i want a free or open source solution

Free is always desirable, but not available for servers. There are lots of free options in the answer I gave you earlier for workstations, but even with those, if you want to use them on a server platform, a fee will need to be paid. If everything was free for even commercial use, then what incentive would developers have to create such helpful products in the first place? :)
Distinguished Expert 2018

Commented:
"i want a free or open source solution" - since you already use closed source software (the OS itself), I guess you are fine with using what's built in? As said, Server 2019 has this protection, and so have Server 2016 v1809 and Win10 from v1709 onwards.

You can also use AppLocker or software restriction policies to whitelist known software and prevent any and all unknown software, and with that all ransomware, from running. Are you familiar with that concept? It is possible in all Windows editions.
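
The whitelisting approach described above, sketched with the built-in AppLocker cmdlets as an added example that is not part of the original comment. It assumes an elevated session on an edition where AppLocker rules are enforced; the policy file path is a placeholder.

```powershell
# Added example. Run elevated; the policy file path is a placeholder.
$policyFile = 'C:\Policies\applocker-audit.xml'
New-Item -ItemType Directory -Force -Path (Split-Path $policyFile) | Out-Null

# 1. Inventory executables in locations that standard users cannot write to.
$files = 'C:\Program Files', 'C:\Windows' | ForEach-Object {
    Get-AppLockerFileInformation -Directory $_ -Recurse -FileType Exe `
        -ErrorAction SilentlyContinue
}

# 2. Build allow rules: publisher rules for signed files, hash rules otherwise.
[xml]$policy = $files |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Set every rule collection to audit-only so nothing is blocked yet.
foreach ($collection in $policy.AppLockerPolicy.RuleCollection) {
    $collection.SetAttribute('EnforcementMode', 'AuditOnly')
}
$policy.Save($policyFile)

# 4. Dry run: anything sitting in a user-writable folder should not be allowed.
Get-ChildItem "$env:USERPROFILE\Downloads\*.exe" -ErrorAction SilentlyContinue |
    Test-AppLockerPolicy -XmlPolicy $policyFile -User Everyone

# 5. Apply (this replaces the local AppLocker policy; add -Merge to keep
#    existing rules). AppLocker needs the Application Identity service.
Set-AppLockerPolicy -XmlPolicy $policyFile
Start-Service -Name AppIDSvc

# 6. Event 8003 = "would have been blocked" while in audit-only mode.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -MaxEvents 200 `
    -ErrorAction SilentlyContinue |
    Where-Object Id -eq 8003 |
    Select-Object TimeCreated, Message
```

Once the 8003 events only list software that should not run, change `AuditOnly` to `Enabled` in step 3 and apply the policy again.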
Exec Consultant
Distinguished Expert 2018
Commented:
Since you want it free, you should focus on reducing the attack surface, so just to summarise, here are some useful pointers for consideration.

a) Still maintain the AV and signatures, as most of the known ones are already prevented. Anti-malware products should be able to notice ransomware at the file and process level; however, this is not a guarantee.

b) Use application whitelisting, as the expert has advised and as in my earlier post. Also disable older versions of PowerShell such as PS v2 (as they do not have the default Restricted execution policy; go for PS v5 and above). This is inclusive of restricting user write capabilities, preventing execution from user directories, whitelisting applications, and limiting access to network storage or shares.

c) Ransomware might attempt to use a system administrator account to gain access to data. As a defense against this, the number of user accounts should be decreased and all default system administrator accounts should be terminated.

d) To reduce the chance of an email that contains malware being opened, inboxes should be filtered for spam or emails from suspicious sources. Block executable attachments; ransomware often comes in the form of an executable file such as .exe or .js, or can be disguised as other files such as .zip.

e) Remove local administrative rights from users of the system. This blocks the ransomware from gaining the power to change system files, directories, and system registry and storage. This also blocks access to critical system resources and files.

f) Firewalls that implement whitelisting or robust blacklisting are useful for blocking ransomware from spreading and preventing it from connecting to command-and-control servers. Firewalls should limit or completely block remote desktop protocol and other remote management services.

g) Backups should be made whenever important data is modified, and it should be periodically verified that the data can be accessed from the secondary system. Preferably they should be stored offline and offsite in a system that is not connected to the main network.
