
Is the Bitdefender ransomware vaccine an effective method of protection?

Bitdefender's new ransomware vaccine takes a stab at quelling the rising tide of ransomware attacks. Expert Michael Cobb explains how it works and if it is effective.

A cybersecurity company claims to have developed a ransomware vaccine that can protect enterprises. How does the Bitdefender ransomware vaccine work, and do you think it has merit?

Ransomware is malware that prevents users from accessing their computers or files. Some prevent access to the operating system, others encrypt files or stop certain apps from running. Once a system has been infected, a lock screen appears, and to regain access the victim has to pay a ransom or perform a task such as completing a survey. Ransomware spreads through phishing campaigns, malicious links in emails and downloads, and is a problem for both consumers and enterprises, as many attacks are delivered by mass random emails. It occupies the number two spot of top malware varieties within crimeware in Verizon's 2016 Data Breach Investigations Report.

To try and prevent ransomware from encrypting a user's files, should they fall victim to a phishing email or malicious attachment, Bitdefender Labs has released a free Crypto-Ransomware Vaccine tool aimed at blocking the encryption process of certain strains of ransomware. It works by making the ransomware think that the device has already been infected.

To encourage victims to pay up, an attacker has to "gain a reputation" for decrypting files once the ransom has been paid. Things can get awkward if the ransomware keeps encrypting already encrypted files, so most ransomware runs checks to ensure that already infected devices are not attacked again. By making minor system modifications, the Bitdefender ransomware vaccine can make a device appear as if it's already infected to prevent the current variants of CTB-Locker, Locky and TeslaCrypt from trying to hold the user to ransom.

While this is a commendable attempt to tackle the growing problem of ransomware, the ransomware vaccine only works against certain ransomware families and won't work indefinitely, as malware writers will quickly update their code to circumvent this trick. For example, an earlier tool designed to prevent the CryptoWall ransomware from encrypting files no longer works, as those behind CryptoWall have changed the way it operates. Even if the Bitdefender ransomware vaccine tool is updated whenever a new variant of ransomware evades the existing ransomware vaccine, it should only be viewed as a short-term solution. System administrators are unlikely to want yet another app to test, deploy and constantly update, particularly as a ransomware vaccine only provides a short period of protection and relies on arbitrary changes to the Windows registry.

Instead, administrators should focus their efforts on other areas of security. A well-tested and thorough backup policy is the most reliable method for recovering infected systems. Backups should be stored offline because many ransomware variants will try to encrypt data on connected network shares and removable drives. Security awareness training programs should cover the latest tricks attackers are using to spread their malware, while antivirus and web filtering software should be kept up to date. As the delivery of most ransomware payloads takes advantage of known vulnerabilities rather than using a zero-day exploit, keeping operating systems patched and up to date should prevent many attacks from succeeding. Finally, ensuring users only have minimum privileges will limit the ransomware's access to the device's resources.
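The limits of the vaccine approach described above can be made concrete with a small coverage audit. This is an added example, not Bitdefender's code: the family names, builds and registry-style marker strings are constructed placeholders, and the status labels are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Variant:
    family: str                 # placeholder family name
    build: str                  # placeholder variant label
    checks_for: Optional[str]   # marker the variant looks for; None = no check

def coverage(vaccine_defs, host_markers, variants):
    """Classify each variant by how the planted markers relate to its check.

    vaccine_defs: family -> marker the vaccine plants for that family
    host_markers: markers actually present on this host
    """
    report = {}
    for v in variants:
        planted = vaccine_defs.get(v.family)
        if v.checks_for is None:
            status = "NO_CHECK"      # variant never looks; a marker cannot help
        elif v.checks_for in host_markers:
            status = "PROTECTED"     # host appears already infected to this variant
        elif planted == v.checks_for:
            status = "NOT_DEPLOYED"  # definition is right, marker missing on host
        elif planted is not None:
            status = "STALE"         # authors changed the check; definition outdated
        else:
            status = "UNCOVERED"     # family is not handled by the vaccine
        report[(v.family, v.build)] = status
    return report

def unprotected(report):
    """Variants against which this host gets no benefit from the vaccine."""
    return sorted(key for key, status in report.items() if status != "PROTECTED")

# Constructed sample data (all values are hypothetical placeholders).
VACCINE_DEFS = {"FamilyA": r"HKCU\Software\ExampleMarkerA",
                "FamilyB": r"HKCU\Software\ExampleMarkerB"}
HOST_MARKERS = {r"HKCU\Software\ExampleMarkerA"}
VARIANTS = [
    Variant("FamilyA", "v1", r"HKCU\Software\ExampleMarkerA"),
    Variant("FamilyA", "v2", r"HKCU\Software\ExampleMarkerA2"),  # changed check
    Variant("FamilyB", "v1", r"HKCU\Software\ExampleMarkerB"),
    Variant("FamilyC", "v1", r"HKCU\Software\ExampleMarkerC"),
    Variant("FamilyD", "v1", None),
]

if __name__ == "__main__":
    for key, status in coverage(VACCINE_DEFS, HOST_MARKERS, VARIANTS).items():
        print(key, status)
```

Only one of the five constructed variants ends up protected, which is the maintenance burden the answer warns about: every changed check, missed deployment or new family needs another update.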


This was last published in August 2016


Would your enterprise consider using ransomware vaccines for protection?
Cannot see a reason why, as the solution is "chasing the tail", as the author explained.
Anyway, I suggest looking at www.minerva-labs.com, an innovative solution to preventing malware in general and recovering from ransomware attack in particular, without any updates or prior knowledge.