Security researchers have released a free new tool that they claim can help protect users against known and possible future versions of the Locky, Teslacrypt, and CTB-Locker ransomware.
This announcement marks the expansion of a Windows tool that anti-malware firm Bitdefender first made available in the beginning of 2015. That utility protected only against CryptoWall, another infamous name from the world of crypto-ransomware.
As we have seen in recent weeks, however, new ransomware samples and campaigns are cropping up every day.
The Locky ransomware first appeared on the scene in February when it was identified as the malware that shuttered the computer systems of Hollywood Presbyterian Medical Center in southern California. The hospital ultimately paid a ransom fee of $17,000 to have its computer systems restored.
In the meantime, attackers continue to infect targets with other malicious samples, with some even going so far as to hack a hospital’s website in order to disseminate Tesclacrypt ransomware.
For those who are exposed to crypto-ransomware, there’s little hope that they will get their files back unless they have a secure backup of their data or are prepared to pay the ransom.
Sure, researchers sometimes leverage flaws in the malware code to publish decryption keys or to create a downloadable decryption tool. But that is not the case for all ransomware, especially those samples that have few coding and cryptographic errors.
That is where Bitdefender’s new tool comes in, according to the firm’s Chief Security Strategist Catalin Cosoi:
“The new tool is an outgrowth of the Cryptowall vaccine program, in a way. We had been looking at ways to prevent this ransomware from encrypting files even on computers that were not protected by Bitdefender antivirus and we realized we could extend the idea.”
This utility, which can be downloaded here, marks just one of several efforts to help protect users against crypto-ransomware infections before they happen.
Earlier in March, the world first learned of Cryptostalker, a tool that might be able to help monitor a computer’s file system for newly written files as well as random data – a tell-tale sign of encryption – stored therein.
It’s important to note, however, that Cryptostalker and Bitdefender’s tool have their limits in that they should ideally complement, not replace, best security practices. Bogdan Botezatu, a senior threat analyst at Bitdefender, underlined that point in an interview with PC World:
“While extremely effective, the anti-ransomware vaccine was designed as a complementary layer of defense for end-users who don’t run a security solution or who would like to complement their security solution with an anti-ransomware feature.”
With that in mind, users should continue to avoid suspicious links, keep an up-to-date anti-virus solution installed on their machine, run regular backups, and implement software updates regardless of whether they choose to install Bitdefender’s utility.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.