The 10 Hottest Ransomware Protection Tools Of 2019
The 10 tools leading the way in the ransomware protection market have emphasized assessing infrastructure for attack readiness, identifying ransomware patterns both before and during execution, and isolating infected endpoints to prevent lateral movement.
Don’t Get Locked Out
Vendors have spent 2019 strengthening their ability to quarantine, detect and remediate ransomware, delivering protection from the DNS layer to email to the endpoint. Some suppliers focused heavily on the front-end, assessing endpoints, applications and backup infrastructure for attack readiness and ensuring they’re able to distinguish normal activities from suspicious ones.
From a detection standpoint, companies have doubled down on their ability to accurately identify ransomware patterns in pre-execution and run-time mode with cloud-assisted behavior detection techniques. And on the back-end, vendors have focused on isolating infected endpoints to prevent lateral movement and scanning the user’s device to quickly remove existing infections altogether.
Three of the hottest ransomware protection tools of 2019 came from companies based in Silicon Valley, three came from European companies, three came from Asian companies, and one came from a company located in the Northeastern United States. Read on to learn where suppliers are investing in hopes of keeping ransomware at bay.
Acronis Ransomware Protection
The free Acronis Ransomware Protection tool delivers proven, powerful protection against leading ransomware like Petya, WannaCry and Osiris, and is compatible with all the leading anti-malware offerings. The Acronis technology monitors a company’s systems in real-time, distinguishing normal activities from suspicious ones like unauthorized encryption.
If a process is caught trying to encrypt a company’s files or inject malicious code into a company’s system, Acronis stops it before any damage is done. After blocking the ransomware attack, Acronis helps restore any files that might have been altered or infected by searching for the latest file versions and recovering clean copies from a company’s cache, temporary files, or backup.
With 5 gigabytes of free cloud storage, Acronis helps businesses protect data not only from ransomware attacks, but also from disk failures, disasters and accidental deletions. And cloud backups allow companies to access their files from anywhere on any internet-enabled device.
Avast Free Antivirus
Avast Free Antivirus is the award-winning, 100% free anti-ransomware tool that stops dangerous ransomware and other types of threats before they can harm a user’s files. The company said it’s packed a large threat-detection network and machine-learning malware protection into a single, lightweight malware scan and removal tool that won’t slow down a user’s PC.
New and improved ransomware floods the internet daily, but Avast said its software is upgraded every few minutes to keep users ahead of the tide. Six layers of security ensure that Avast catches ransomware well before it has a chance to do any damage to a user’s data.
Ransomware will try to encrypt files on any device it can access, including Macs and mobile phones. For this reason, Avast’s ransomware capabilities go beyond PCs to protect both Mac and Android devices and remove the underlying ransomware malware from them.
Bitdefender GravityZone
Bitdefender GravityZone has all its layers work together for prevention, detection and remediation to deliver comprehensive anti-ransomware protection. Regardless of how much the malware or ransomware is modified, Bitdefender said it’s capable of accurately detecting new ransomware patterns in both pre-execution and run-time mode.
Ransomware writers often use exploit kits that take advantage of zero-day or unpatched vulnerabilities to gain a foothold in a company’s systems, Bitdefender said. By focusing on attack techniques, Bitdefender said it’s able to protect a company’s systems and prevent ransomware from spreading.
Bitdefender GravityZone can stop a ransomware attack in its tracks by monitoring running processes for actions such as registry key modification and file read/write/encryption. And from a remediation standpoint, Bitdefender said the tool can terminate a malicious process, roll back changes and clean up.
Check Point SandBlast Agent
The Check Point SandBlast Agent endpoint security tool includes powerful anti-ransomware protection that defends organizations against sophisticated attacks that can bypass conventional network and endpoint offerings. The company said its anti-ransomware technology keeps businesses safe from cyberattacks and eliminates disruptions.
The offering prevents online extortion attacks attempting to bypass antivirus and other malware protection tools through immediate exposure. And the behavioral analysis capabilities of Check Point SandBlast Agent help quarantine, detect and remediate ransomware infections without the need for signatures.
Check Point SandBlast Agent works in both online and offline mode to automatically restore and recover files encrypted during the detection process, the company said. This helps companies avoid the impact of a successful ransomware attack, which can cripple a business for days, months, or even longer periods.
Cisco Ransomware Defense
Cisco Ransomware Defense products leverage industry-leading Talos threat research to provide ransomware protection from the DNS layer to email to the endpoint. The ransomware defense products fight threats on multiple fronts, starting with quick prevention and adding advanced protection when organizations are ready.
Cisco Cloud Email Security with Advanced Malware Protection (AMP) blocks ransomware delivered through spam and phishing emails; email is still the application most commonly used by ransomware. It even identifies malicious attachments and URLs.
Since most ransomware attacks use DNS, Cisco Umbrella with DNS and IP layer enforcement stops ransomware over all ports and protocols regardless of whether a user is on or off the network. And Cisco Advanced Malware Protection for Endpoints stops ransomware files from taking an organization’s system hostage by enhancing the security of a company’s endpoints and servers.
Commvault Ransomware Protection
Commvault Ransomware Protection improves threat and risk mitigation across all endpoints and applications while providing organizations with greater confidence in data backup, recovery and compliance. The offering alerts companies to potential ransomware/malware attacks so they can quickly react and ensure minimal impact to users and businesses.
The offering assesses readiness for multiple attack scenarios against endpoints, applications and backup infrastructure, the company said. From there, Commvault reduces threats from poor practice, misconfigurations and incomplete preparedness to weaken attack vectors.
Commvault also brings systems back to their last-known good state as quickly as possible to minimize damage from attacks. In order to notify those impacted in a timely, compliant way, Commvault said organizations must be able to quickly determine what data was involved in an incident.
Kaspersky Anti-Ransomware Tool
The lightweight Kaspersky Anti-Ransomware Tool uses all the cutting-edge features of Kaspersky’s endpoint protection technologies, such as cloud-assisted behavior detection, to scan and block ransomware and crypto-malware immediately. The free tool provides proven, powerful protection from ransomware like WannaCry, Petya, Bad Rabbit, Locky and TeslaCrypt, Kaspersky said.
The offering is GDPR ready, meaning that users and organizations can trust that their data is processed and protected responsibly. And the Kaspersky Anti-Ransomware Tool is capable of blocking both local and remote attempts to encrypt user data and provides protection for shared folders.
In addition to malware objects, the Kaspersky Anti-Ransomware Tool can detect and block adware, pornware and riskware objects including cryptomining software. Plus the offering works alongside most security software in use today, according to the company.
Malwarebytes Premium
Malwarebytes Premium protects users from ransomware and other online attacks that threaten their devices, their files, and their privacy, the company said. The ransomware protection is available for PC, Mac, Android and Chromebook devices, according to Malwarebytes.
The offering stops ransomware, malware, and other threats with multiple layers of security, Malwarebytes said, including real-time protection that looks for tell-tale signs of a threat. Malwarebytes Premium also warns users when they accidentally visit malicious sites or open a malicious file that contains threats like ransomware or phishing scams.
Malwarebytes Premium identifies and removes existing infections with a quick, comprehensive scan of the user’s device. The offering also prevents access to known and suspected scam websites, and shields vulnerable systems and software from exploit attacks, according to Malwarebytes.
Symantec Endpoint Protection
Symantec Endpoint Protection uses advanced machine learning to detect polymorphic malware and hunts for ransomware indicators of compromise across all endpoints. The product’s emulator unpacks evasive malware, Symantec said, while its behavior analysis capabilities uncover ransomware actions.
The product isolates endpoints when ransomware is detected to prevent lateral movement. And the Intrusion Prevention System (IPS) blocks ransomware’s attempts to download encryption keys.
Meanwhile, the Symantec Endpoint Protection Manager can be used to update virus definitions by automatically downloading them to the client, and to scan client computers if the client is managed and connected to the product. As with other security products, the company said that Symantec Endpoint Protection cannot decrypt the files that ransomlockers have sabotaged.
Trend Micro Anti-Ransomware Tools
There is no silver bullet when it comes to ransomware, so Trend Micro recommends a multi-layered approach prioritized for the best risk mitigation. The company infuses the layers of defense with XGen security, a cross-generational blend of threat defense techniques that intelligently applies the right technology at the right time.
Trend Micro’s machine learning assessment tool utilizes specific advanced endpoint security techniques to stop more threats from getting into an organization’s network and onto its endpoints. The free offering is for organizations that currently do not have Trend Micro endpoint technology in place.
Trend Micro’s anti-threat toolkit scans a potentially compromised machine for malware including WannaCry. Trend Micro also offers a simple patch validation tool for WannaCry that both checks a local machine to see if Microsoft’s MS17-010 patch has been successfully applied and allows the user to easily disable Windows Server Message Block (SMB) v1 on the local machine via a registry key.