CyberSight RansomStopper - Review 2022

Your antivirus or security suite really ought to protect you lot against ransomware, along with all other kinds of malware. There might be an occasional slipup with a never-before-seen set on, but those unknowns rapidly get known. Unfortunately, ex mail service facto removal of ransomware nonetheless leaves your files encrypted. That'south why you may desire to add together a ransomware protection utility to your arsenal. The free CyberSight RansomStopper stopped real-world ransomware in testing, and the latest update handles ransomware that only runs at boot time.

RansomStopper is quite similar to Cybereason RansomFree, Trend Micro RansomBuster, and Malwarebytes Anti-Ransomware Beta. All 4 are free, and all detect ransomware based on its behavior. Since they rely on behavior, information technology doesn't affair whether the ransomware is an former, known quantity or a merely-created nada-24-hour interval attack. Like RansomFree, RansomStopper uses bait files every bit part of its detection methodology. Nonetheless, RansomStopper hides its bait files from the user.

Getting Started

Installation went quickly in my testing. After the download, I completed the procedure by entering my first and last proper name and email address. Once I responded to the confirmation email, the product was up and running. Unlike ZoneAlarm Anti-Ransomware and some others, it did require a reboot to exist fully operational.

The product'south simple main window reports that "Yous are protected from ransomware." Buttons across the bottom let you view security alerts, processes RansomStop has blocked, and processes you've called to allow. Another button lets you check for updates, if yous didn't select automatic updates during installation. Uncomplicated!

CyberSight too offers a business organization edition. Added features include email alerts, centralized assistants, and detailed reports. The business organisation edition costs $29.99 for a single license, though the price drops to as low as $10 per seat with volume licensing.

CyberSight RansomStopper Main Window

Ransomware Protection

When RansomStopper detects a ransomware attack, information technology terminates the offending procedure and pops up a alert in the notification area. Clicking the warning lets you see what file caused the problem. At that place's an choice to remove programs from the blocked processes list—forth with a warning that doing so is a bad thought.

Waiting to detect ransomware behavior can sometimes hateful that the ransomware encrypts a few files before termination. When I tested Malwarebytes, information technology did lose a few files this style. Bank check Indicate ZoneAlarm Anti-Ransomware actively recovers any encrypted files. In my testing, it did so for every ransomware sample. However, RansomStopper stopped the aforementioned samples without assuasive encryption of any files.

SecurityWatch

For a quick sanity check, I launched a simple fake ransomware program that I wrote myself. All information technology does is look for text files in and beneath the Documents folder and encrypt them. It uses a simple, reversible cipher, so a second run restores the files. RansomStopper caught it and prevented its chicanery. So far so skillful.

Circumspection, Live Ransomware

The only sure manner to test behavior-based ransomware protection is by using live ransomware. I practice this very cautiously, isolating my virtual auto test system from any shared folders and from the internet.

This test can be harrowing if the anti-ransomware product fails its detection, but my RansomStopper test went smoothly. Like ZoneAlarm and Malwarebytes, RansomStopper caught all the samples, and I didn't observe any files encrypted before behavioral detection kicked in. Cybereason RansomFree did pretty well, but it missed one.

CyberSight RansomStopper Blocked Processes

I too test using KnowBe4's RanSim, a utility that simulates 10 types of ransomware assault. Success in this examination is useful data, simply failure can simply mean that the behavior-based detection correctly determined that the simulations are not real ransomware. Like RansomFree, RansomStopper ignored the simulations.

Boot-Time Danger Resolved

Keeping under the radar is a big deal for ransomware. When possible, it does its dirty deeds silently, only coming forrard with its ransom demand afterwards encrypting your files. Having administrator privileges makes ransomware's task easier, merely getting to that point typically requires permission from the user. There are workarounds to get those privileges silently. These include arranging to piggyback on the Winlogon procedure at kicking fourth dimension, or set a scheduled task for boot time. Typically, the ransomware just arranges to launch at boot and then forces a reboot, without performing any encryption tasks.

In my before testing, I found that ransomware could encrypt files at boot fourth dimension earlier RansomStopper kicks in. My ain fake encryption program managed that feat. It encrypted all text files in and below the Documents folder, including RansomStopper'southward bait text files. (Yes, those files are in a binder that RansomStopper actively hides, but I have my methods…) It also missed a real-world ransomware sample that I set to launch at startup.

CyberSight'south designers tested a number of solutions for this problem and released a new version that gets ahead of kicking-fourth dimension ransomware. I tested it; it works, removing the one blot on RansomStopper's at present-sterling exam results.

RansomFree runs as a service, so information technology's agile before any regular process. When I performed the aforementioned test, setting a real-world ransomware sample to launch at startup, RansomFree likewise caught it. Malwarebytes also passed this examination. RansomBuster detected the boot-time attack and recovered the affected files.

To further explore this trouble, I obtained a sample of the Petya ransomware that acquired trouble earlier this year. This particular strain crashes the system and and so simulates kick-time repair by CHKDSK. What it's actually doing is encrypting your difficult bulldoze. Malwarebytes, RansomFree, and RansomBuster all failed to prevent this attack. RansomStopper caught it before it could crusade the system crash—impressive! ZoneAlarm also prevented Petya's assault. To be fair to the others, this i is not a typical file encryptor ransomware. Rather, it locks the entire organization by encrypting the hard drive.

Querying my contacts, I did learn that boot-time ransomware attacks, including Petya, are becoming less mutual. Even so, I've added this test to my repertoire.

Other Techniques

Behavior-based detection, when implemented properly, is an excellent way to fight ransomware. Nevertheless, information technology's not the only way. Trend Micro RansomBuster and Bitdefender Antivirus Plus are amid those that foil ransomware by decision-making file access. They prevent untrusted programs from making whatever change to files in protected folders. If an untrusted program tries to modify your files, you get a notification. Typically, you go the selection to add together the unknown plan to the trusted list. That can exist handy if the blocked program was your new text or photograph editor. Panda Internet Security goes even farther, preventing untrusted programs from even reading data from protected files.

Ransomware crooks need to accept care that they'll be able to decrypt files when the victim pays upwardly. Encrypting files more than once could interfere with recovery, so about include a marking of some kind to prevent a 2d assail. Bitdefender Anti-Ransomware leverages that technique to fool specific ransomware families into thinking they've already attacked you. Note, though, that this technique tin can't do a thing nigh brand-new ransomware types.

When Webroot SecureAnywhere AntiVirus encounters an unknown process, it starts journaling all activity by that process, and sending data to the cloud for analysis. If the process proves to be malware, Webroot rolls back everything it did, fifty-fifty rolling back ransomware activity. ZoneAlarm and RansomBuster have their ain methods for recovering files. When the anti-ransomware component of Acronis True Image kills off a ransomware set on, it can restore encrypted files from its own secure backup if necessary.

At present a Winner

CyberSight RansomStopper detected and blocked all my real-world ransomware samples without losing any files. Information technology as well detected my simple hand-coded ransomware simulator. And it blocked an assail by Petya, where several competing products failed.

Earlier, RansomStopper exhibited a vulnerability to ransomware that only runs at boot time, just my sources say this blazon of assail is becoming less mutual, and CyberSight has since fixed this trouble. Other free products had their own issues. RansomFree missed one existent-world sample, and Malwarebytes let another sample irreversibly encrypt a few files earlier its detection kicked in. RansomBuster fared worse, missing one-half the samples completely (though its Folder Shield component protected nigh files).

RansomStopper and Check Point ZoneAlarm Anti-Ransomware are our top picks for defended ransomware protection. ZoneAlarm isn't free, only at $2.99 per month information technology's besides not terribly expensive. Withal, RansomStopper manages full protection at no cost.