As we've seen over recent months, ransomware can spread to PCs around the world in a matter of hours, bringing vital infrastructure systems to their knees. The latest major ransomware attack, PetrWrap, struck major targets in Ukraine including the national power company, central bank and main airport.
PC security companies have reacted by developing specific tools to guard against new threats as soon as they're identified, but that's not always enough.
"Once ransomware hits and encrypts your PC, you're basically screwed," Skyler King, technology leader at ZoneAlarm, told TechRadar. "Traditional antivirus might be able to remove the ransomware, but not decrypt the files."
PetrWrap, for example, was based on a known ransomware threat, but with without the vulnerabilities that security firms had been using to restore data. By the time PetrWrap was detected, the files were already locked.
That's why ZoneAlarm has created a new security tool – ZoneAlarm Anti-Ransomware – that uses behavioral analysis to detect file-locking programs without the need for updates to target new threats.
Behavioral analysis and Smart Backup
ZoneAlarm has analyzed hundreds of thousands of ransomware variants to determine what kind of operations to look for, and block them before they have a chance to start encrypting your data.
"All the attacks we've seen in the last six months, we've been able to stop without an update," says King. "Turn on your PC and you'll be protected automatically because of multiple detection technologies."
In case a malicious program manages to evade that first check, ZoneAlarm Anti-Ransomware also watches for signs that files are being systematically and illegitimately modified. If an attack is suspected anti-ransomware software takes a snapshot of the files (a technique known as Smart Backup), which can be used to restore them after the malware has been quarantined.
Because this process only kicks into action when a suspicious operation is detected, its impact on system performance is minimal and you only need 1GB spare storage for the snapshots. If the detected operation is benign, the backups will be scrapped.
ZoneAlarm Anti-Ransomware is available for US$1.99 per month for one PC, with a 30-day free trial. It's not intended to replace your existing antivirus, but will run happily alongside it.
- Need a new antivirus suite? Check out the best free options.