
Today Malwarebytes announced their latest security offering called Malwarebytes Anti-Ransomware.

Malwarebytes Anti-Ransomware, or MBARW for short, is currently in beta and is a small utility that runs in the background while quietly monitoring the computer for behavior associated with file encrypting ransomware.

When it detects associated behavior it automatically blocks the thread from encrypting your data, quarantines the executable, and alerts you that something was detected.

 

https://www.youtube.com/watch?v=WOkUhGlXnRg

 

Malwarebytes Anti-Ransomware is currently being released as a free standalone product that anyone can use to protect their computer.

With ransomware being one of the biggest computer security threats currently affecting users, a tool dedicated to its prevention is a welcome one.

 

Malwarebytes feels the same way as according to Nathan Scott, the lead technical developer of Malwarebytes Anti-Ransomware, "I'm thrilled with the release of this application as it has finally brought together all of the ideas from our top developers who sought one common goal; to stop victims from getting infected by Ransomware.

We want to make ransomware a thing of the past and this application is going to get us much closer to that day."

 

On release, I tested this product against ransomware samples such as the heavy hitters TeslaCrypt and CryptoWall as well as smaller ones like Magic Ransomware and LeChiffre. Knowing this was a beta and expecting bugs, I was pleasantly surprised that Malwarebytes Anti-Ransomware did a great job stopping threads that were trying to encrypt the files on my test computer. On each test it terminated the threads or processes, quarantined the associated executables, and issued a detection alert notifying me of the threat.

 


Ransomware Detection Alert

 

Though Malwarebytes Anti-Ransomware did a terrific job protecting the test computer, I did notice that on the smaller ransomware infections such as LeChiffre and Magic, one or two files were encrypted before MBARW kicked in and blocked the encryption thread.

Also MBARW currently allows other ransomware actions such as removing shadow volume copies and creating ransom notes to occur.

Finally, Malwarebytes Anti-Ransomware is currently labeling all detected ransomware as Malware.Ransom.Agent.Generic rather than more descriptive names that help identify the particular family the infection belongs to.

 


Quarantine Screen

 

According to Nathan Scott, "This version of Malwarebytes Anti-Ransomware is focused on stopping the ransomware at all costs and eliminating any false positives. The next beta version will have a stronger focus on preventing ransomware actions such as shadow volume manipulation, the creation of ransom notes, and to properly identify the ransomware families."

 

Without a doubt, Malwarebytes Anti-Ransomware Beta makes a strong debut with its ability to stop ransomware from encrypting your data.

Along with other products such as Emsisoft Anti-Malware's Behavior Blocker and SurfRight's HitmanPro.Alert, Malwarebytes Anti-Ransomware provides strong protection against current and future ransomware threats.

 

For those who want to help beta test this product, Malwarebytes has set up a dedicated topic where you can discuss the product and provide feedback.

 

 

Source and Credit:

http://www.bleepingcomputer.com/news/security/malwarebytes-releases-new-anti-ransomware-beta-software/

 

 

Note:

As this is the very first beta we do encourage beta users to install the product in non-production environments for testing purposes.

You can safely install Malwarebytes Anti-Ransomware beta alongside Malwarebytes Anti-Malware and Malwarebytes Anti-Exploit.

 

Download link:

https://malwarebytes.box.com/s/s7h3v3derixc7b88q5okal5c0vol5h1x


  • FPCH Admin
Sounds good. Have you tested it out yet, Pete?

~I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant.~

~~Robert McCloskey~~

  • Author

Not yet.

I don't have a VM set up at the moment to download the ransomware to.


Thanks for that Pete, sounds interesting but I am generally leery of things running in the background, and not fond of beta anything.
  • FPCH Admin

Up until a couple days ago I didn't realize there was a version of Malwarebytes for Macs. I now have it installed as my only Malware app.

 

I don't know if ransomware has hit OSX yet. If they make a Mac version I will give it a whirl. Better safe than sorry.

  • FPCH Staff

Aws

 

The Malwarebytes for Mac is based off AdwareMedic that was rebranded when they purchased it. Just remember it doesn't offer any real-time protection, but is really good at getting the Adware and PUP that has been affecting Apple computers.

“It's only after we've lost everything that we're free to do anything.”

― Chuck Palahniuk, Fight Club


  • Author

Basically the 2 programs work in completely different ways:

 

CryptoPrevent artificially implants hundreds of group policy object rules into the registry in order to block executables (*.exe, *.com, *.scr and *.pif) and fake file extension executables in certain locations (i.e. %AppData%, %LocalAppData%, Recycle Bin) from running.

 

CryptoMonitor does not rely on definitions to protect you from encrypting ransomware, but instead relies on behavioral detection that allows it to detect encrypting ransomware before it has a chance to encrypt your data.

 

Nathan owned EasySync Solutions which created CryptoMonitor.

EasySync was acquired by Malwarebytes and Nathan was then employed by them to head up their anti-ransomware technology development.

Malwarebytes had some ideas of their own and now MBARW is basically carrying on from where CryptoMonitor left off.

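An added illustration, not part of the original thread and not CryptoPrevent's actual rule set or matching engine: a simplified Python model of the location-based blocking described in the post above, showing that such rules decide on path and extension alone. The user profile, the rule patterns, the decoy extension list and all sample paths are constructed assumptions.

```python
import ntpath
from fnmatch import fnmatchcase

# Constructed environment for one user profile (assumption, not from the thread).
ENV = {
    "%appdata%": r"C:\Users\alice\AppData\Roaming",
    "%localappdata%": r"C:\Users\alice\AppData\Local",
}
BLOCKED_EXT = ("exe", "com", "scr", "pif")        # extensions named in the post
DOC_EXT = ("pdf", "doc", "docx", "jpg", "txt")    # constructed decoy extensions

def build_rules():
    """Expand location x extension into individual path rules; this is how a
    rule-based blocker ends up with a long list of entries."""
    rules = []
    for var in ENV:
        for ext in BLOCKED_EXT:
            rules.append(f"{var}\\*.{ext}")       # directly in the folder
            rules.append(f"{var}\\*\\*.{ext}")    # one sub-folder down
    for doc in DOC_EXT:
        for ext in BLOCKED_EXT:
            rules.append(f"*.{doc}.{ext}")        # fake double extension, any folder
    return rules

def matches(rule, path):
    """Case-insensitive, segment-by-segment wildcard match (simplified model)."""
    rule, path = rule.lower(), path.lower()
    for var, value in ENV.items():
        rule = rule.replace(var, value.lower())
    if "\\" not in rule:                          # name-only rule
        return fnmatchcase(ntpath.basename(path), rule)
    r_parts, p_parts = rule.split("\\"), path.split("\\")
    return len(r_parts) == len(p_parts) and all(
        fnmatchcase(p, r) for r, p in zip(r_parts, p_parts))

def decide(path, rules):
    """Return ('blocked', rule) for the first matching rule, else ('allowed', None)."""
    for rule in rules:
        if matches(rule, path):
            return ("blocked", rule)
    return ("allowed", None)

if __name__ == "__main__":
    rules = build_rules()
    for p in (r"C:\Users\alice\AppData\Roaming\updater.exe",
              r"C:\Users\alice\Downloads\invoice.pdf.exe",
              r"C:\Users\alice\AppData\Local\Chat\chat.exe",   # legitimate per-user app
              r"C:\Program Files\Editor\editor.exe"):
        print(decide(p, rules), p)
```

The per-user chat client is blocked exactly like the dropped `updater.exe`, because a path rule cannot tell them apart; that is the trade-off against the behavior-based approach the post attributes to CryptoMonitor.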
