The recent WannaCry ransomware sent the world into a panic, starting on Friday 12 May 2017 and infecting more than 230 000 computers in 150 countries, with the software demanding ransom payments in bitcoin in 28 languages.
The spread of infection slowed after the web security researcher ‘MalwareTech’ found a kill switch and registered a website that was mentioned in the code of the ransomware. The outbreak has subsequently been brought under control, and Microsoft rushed to patch an existing security vulnerability as well.
It raises the question, though: how well protected from ransomware are users who rely on traditional anti-virus software?
Well, for starters, the encryption used by modern ransomware is generally too good to crack. Without a data backup, paying is often a victim’s only recourse, and even then there is no guarantee that the data will be decrypted. Unfortunately, by the time one’s data has been encrypted, it’s already too late.
Anti-virus software generally attempts to intercept the malicious code before it has a chance to execute and replicate on a victim’s machine.
Dan Turkel writes on Business Insider that “One way to improve detection is called “sandboxing.” The idea is to run new software or suspicious files in an isolated space to protect your important systems from possible infection. Some antivirus packages include sandboxing functionality and there are dedicated apps for creating virtual machines for testing, but running every untrusted file through the digital equivalent of a quarantined hosedown can introduce unnecessary overhead.”
In addition, companies are using heuristic analysis to detect previously unknown viruses. Dan writes: “Antivirus software that uses heuristic analysis can detect previously unknown viruses by studying the behavior of software running on a user’s machine. If suspicious activity is detected, like the encrypting of the user’s documents, the questionable software can be stopped in its tracks and removed.”
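One way such a behavioural check can work, shown as an added example that is not code from the article or from any anti-virus vendor: a process is flagged when it turns several ordinary files into near-random data within a short window. The event tuple format, the thresholds and the sample events are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

# All thresholds are assumptions chosen for this illustration.
ENTROPY_THRESHOLD = 7.5  # bits per byte; encrypted data sits close to 8
SUSPECT_WRITES = 3       # this many suspicious rewrites ...
WINDOW_SECONDS = 10      # ... inside this window flags the process

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_processes(events):
    """Return pids that rewrote several low-entropy files as near-random
    data. events: (timestamp, pid, path, bytes_before, bytes_after)."""
    recent = defaultdict(list)  # pid -> timestamps of suspicious rewrites
    flagged = set()
    for ts, pid, _path, before, after in sorted(events, key=lambda e: e[0]):
        # Files that were already high-entropy before the write are
        # skipped, so archive and backup tools are not flagged.
        if (shannon_entropy(before) < ENTROPY_THRESHOLD
                and shannon_entropy(after) >= ENTROPY_THRESHOLD):
            recent[pid] = [t for t in recent[pid] if ts - t <= WINDOW_SECONDS]
            recent[pid].append(ts)
            if len(recent[pid]) >= SUSPECT_WRITES:
                flagged.add(pid)
    return flagged

def fake_ciphertext(seed: bytes, blocks: int = 128) -> bytes:
    """Deterministic stand-in for encrypted or compressed content."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))

TEXT = b"Quarterly report: sales rose in the northern region. " * 80

# Constructed sample events, not captured from a real system.
SAMPLE_EVENTS = [
    (0, 100, "notes.txt", TEXT, TEXT + b"One more line."),            # editor save
    (1, 200, "backup.zip", fake_ciphertext(b"z1"), fake_ciphertext(b"z2")),  # archiver
    (2, 4242, "a.txt", TEXT, fake_ciphertext(b"a")),                  # bulk rewrite
    (3, 4242, "b.csv", TEXT, fake_ciphertext(b"b")),
    (5, 4242, "c.md", TEXT, fake_ciphertext(b"c")),
    (0, 300, "x.txt", TEXT, fake_ciphertext(b"x")),                   # spread out
    (30, 300, "y.txt", TEXT, fake_ciphertext(b"y")),
    (60, 300, "z.txt", TEXT, fake_ciphertext(b"z")),
]
```

Only pid 4242 is flagged here. An entropy jump alone misses files that are already compressed before the write, which is one reason a real product would combine it with other signals.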
Two of ChannelCenter’s vendor integrations, Bitdefender and Kaspersky, have anti-ransomware products and have publicly stated that their customers are protected from the WannaCry ransomware attack.
Bitdefender’s tool is intended to protect against infection by the CTB-Locker, Locky, Petya, and TeslaCrypt ransomware, and the company stated on Twitter that: “Massive #WannaCry #ransomware attack targets more than 70 countries. Bitdefender customers have been safe all along! http://bit.ly/2qdUZIk”
Kaspersky’s tool is designed for small to medium-sized businesses and, like Bitdefender’s, it is meant to prevent ransomware attacks before they immobilise targeted systems. Kaspersky mentioned on Twitter that: “Yes, our current products protect against #WannaCry Also free anti-ransomware tool that works with other AV http://kas.pr/Km6n”
Ultimately, however, if you want the best protection, it seems that with ransomware, as with many other things in life, prevention is better than cure.
So how does one prevent becoming a victim of ransomware?
The Telegraph has some suggestions:
- Back up your files: The best protection against ransomware is to back up all of the information and files on your devices in a completely separate system. A good place to do this is on an external hard drive that isn’t connected to the internet. This means that if you suffer an attack you won’t lose any information to the hackers.
- Be suspicious of websites, emails and apps: The most common ways for the software to be installed on a victim’s device are through phishing emails, malicious adverts on websites, and questionable apps and programs. People should always exercise caution when opening unsolicited emails or visiting websites they are unfamiliar with.
- Always install updates: Companies often release software updates to fix vulnerabilities that can be exploited to install ransomware. It is therefore advisable to always download the newest version of a piece of software as soon as it is available.