anti ransomware

hello,
is there any open source or free anti ransomware for windows server and windows 10,8,7 ?
thanks.
Amin El-ZeinAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
You can take a look at Malwarebytes suite. But it takes more than one software to address the exposure. Consider the application whitelisting to allow only authorised software to run and not let user has any administrative rights. Proper backup is critical and storing backup offline for recovery later when in need.

https://www.malwarebytes.com/pricing/business/

Another is the intercept X from sophos for client and server

https://www.sophos.com/en-us/products/server-security.aspx
Paul MacDonaldDirector, Information SystemsCommented:
If you're looking to remediate ransomware, the solution will depend on the ransomware.

If you're looking to prevent ransomware, use any good anti-virus/anti-malware product and don't click on anything you aren't positive is safe.
Andrew LeniartFreelance JournalistCommented:
Hi Amin,

There is a selection of free Anti-Ransomware tools that have been reviewed in the following article on Techradar you can take a look at.

The best free anti-ransomware software 2019

Everything reviewed in the above article will work on Windows 7, 8 and 10. I personally use Malwarebytes Premium and Acronis True Image anti-ransomware modules which I have active all the time, but neither are free. I tested the Acronis Active Protection module in a Windows 10 VM by purposely trying to infect my VM with Ransomware from sites I found on the dark web and it did work by blocking encryption attempts. Uses artificial intelligence to monitor behavior. The module comes with Acronis True Image 2019 and some of their other backup solutions.

I think you'll be struggling to find any "free" anti-ransomware protection tools for Servers though. Servers are business products so rarely have free protection available for them.

Hope that's helpful.

Regards, Andrew
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

JohnBusiness Consultant (Owner)Commented:
Installing a top notch Spam Filter is the most important thing you can do. This keeps ransomware out. Good Spam filters are NOT free, but much cheaper than recovering from backups.

Make sure you have good offline and offsite backups.

Make sure users are trained to delete emails from strangers.
McKnifeCommented:
Windows 8 and Windows 7, as well as server 2008-2016 will need to rely on 3rd party software.
Windows 10, starting with build 1709 as well as server 2019 have anti-ransomware protection built-in with windows defender, but it is disabled by default. https://www.windowscentral.com/how-enable-controlled-folder-access-windows-10-fall-creators-update tells you how to activate it.
Shaun VermaakTechnical SpecialistCommented:
No spam filter will block a well-crafted spear phishing attack (part of my security auditing role)
No antivirus will block a properly packed ransomware binary (I have written a few POC ones)

Ensure users are not over-permissioned on own computer and on network resources and have a mechanism to whitelist processes that are allowed to write to common user storage folders.

As per comment above Windows Defender provides such functionality, I am also a fan of Bitdefender's safe-folders

On servers, you can do mass-change detection and known to unknown file detection. I have such a tool and will share it when I get a chance
JohnBusiness Consultant (Owner)Commented:
No spam filter will block a well-crafted spear phishing attack.   <--- Really good ones, however, will catch most (over 95% in my experience here with Clients on Hosted Exchange and my own email ISP. I see the occasional one (that I can recognize by eye as can my clients) . So it is one of the key things I recommend and implement.
Shaun VermaakTechnical SpecialistCommented:
95% of all statistics are made-up. You will not know how many you miss and you might not have been targetted by a motivated individual, you are just blocking random, script-kiddy mails
Dr. KlahnPrincipal Software EngineerCommented:
The best defense against ransomware is daily full (not incremental) backups.

Once that is in place, then look at the malware preventers.  None of them are perfect and Day Zero always occurs when something new comes out.  Therefore full backups must be in place first.
Bagaudin SatuevGlobal Community EvangelistCommented:
Hi Amin,

You can obtain free Acronis Ransomware Protection solution from here - https://www.acronis.com/en-us/personal/free-data-protection/

Let me know if you have any questions.
Amin El-ZeinAuthor Commented:
acronis not wokring on windows server
Amin El-ZeinAuthor Commented:
hi shuan
could please post the scripts ?
thanks
Bagaudin SatuevGlobal Community EvangelistCommented:
acronis not working on windows server

It works, but it's not free. For Windows Server you will need either Acronis Backup 12.5 for Windows Server or Acronis Backup Cloud – Server (Per Device)
Amin El-ZeinAuthor Commented:
i want a free pr open source solution
Andrew LeniartFreelance JournalistCommented:
Hi Armin,

acronis not wokring on windows server

As I mentioned in my previous comment, servers are business products mostly used in commercial environments so you won't find "free" ransomware protection for servers from any provider. The Acronis free solution should work on your Window 7, 8, and 10 workstations though. It's only just been released as a free product apparently.

Hope that's helpful.

Regards, Andrew
Andrew LeniartFreelance JournalistCommented:
i want a free pr open source solution

Free is always desirable, but not available for servers. There are lots of free options in the answer I gave you earlier for workstations, but even with those, if you want to use them on a server platform, a fee will need to be paid. If everything was free for even commercial use, then what incentive would developers have to create such helpful products in the first place? :)
McKnifeCommented:
"i want a free pr open source solution" - since you already use closed source software (the OS itself), I guess you are fine with using what's built-in? As said, server 2019 has this protection, so has server 2016 v1809 and win10 in v1709 onwards.

You can also use applocker or software restriction policies to whitelist known software and prevent any and all unknown software and with that all ransomware from running. Are you familiar with that concept? It is possible in all windows editions.
btanExec ConsultantCommented:
Since you want it free, should focus your reducing the attack surface, so just to summarise useful pointer for consideration.

a) Still maintain the AV and signature as most of the known one are already prevented. Anti-malware products should be able to notice ransomware at the file and process level; however, this is not a guarantee

b) use application whitelisting as expert has advised as well in my earlier post, also do disable older version of Powershell such as PS v2 as they do not have the default Restricted execution policy, go for PS v5 above). inclusive of restricting user write capabilities, preventing execution from user directories, whitelisting applications, and limiting access to network storage or shares.

c) Ransomware might attempt to use a system administrator account to gain access to data. As a defense against this, the number of user accounts should be decreased and all default system administrator accounts should be terminated.

d) To reduce the chance of an email that contains malware being opened, inboxes should be filtered for spam or emails from suspicious sources. Block executable attachment, ransomware often comes in the form of an executable file such as .exe or .js or can be disguised as other files such as .zip.

e) Remove local administrative rights from user of the system. This blocks the ransomware from gaining the power to change system files, directories, and system registry and storage. This also blocks access to critical system resources and files.

f) Firewalls that implement whitelisting or robust blacklisting are useful for blocking ransomware from spreading and preventing it from connecting to command-and-control servers. Firewalls should limit or completely block remote desktop protocol and other remote management services.

g) Backups should be made whenever important data is modified, and it should be periodically verified that the data can be accessed from the secondary system. Preferably should be stored offline and offsite in a system that is not connected to the main network.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Ransomware

From novice to tech pro — start learning today.