 Post Posted: Wed Dec 14, 2016 10:08 pm 
welcoming committee

Joined: Fri Nov 30, 2012 12:47 am
Posts: 2432
Location: North Central Arkansas
I currently run the paid version of MBAM as well as Defender on my Win 10 computer, but I worry if I'm sufficiently protected from ransomware. I know better than to click on unknown email attachments and strange websites, but still I worry.

The local newspaper had an article this morning stating that an Arkansas county sheriff's office had recently paid a $2,440 ransom after hackers breached their system and blocked deputies from accessing important information. The only thing that could be opened on the county computer was a notice that the system had been hacked and the hackers were demanding the ransom to be paid in three 'bitcoin' payments totaling $2,440.

The article went on to describe other recent ransomware infections:
- A Pennsylvania prosecutor's office paid a $1400 ransom.
- County offices in Indiana were forced to pay a $21,000 ransom.
- Hackers locked out medical files and operations in an LA hospital until administrators paid a $17,000 ransom.

Of course, the FBI discourages the payment of ransom because it gives other hackers the incentive to get involved. Reportedly, the FBI estimated that more than 20,000 computer systems were hacked by ransomware in 2015.

I know for a fact that it can happen close to home. In early 2015 my sister's computer was held for an $800 ransom because she made the mistake of clicking on a message that suddenly appeared on her screen. She didn't pay the ransom....a local computer shop was able to salvage a few data files, but that was about it. Since it was time for a new computer, we destroyed the old hard drive and a local computer shop got her up and running on a new Dell; they also installed MBAM and Bitdefender for her. And then I had her purchase an external drive and perform automated backups.

But still I worry about sufficient ransomware protection. Any comments or suggestions?

_________________
BB
http://barrypatch.net


 Post Posted: Wed Dec 14, 2016 10:40 pm 
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9484
Location: The state of confusion; I just use Wyoming for mail.
Very good question BB! :)

My solution is that I don't worry about it but that is strictly due to the fact that I can restore an image backup from my internal image backup drive via Acronis that is less than 24 hours old as I have Acronis scheduled to do daily images. I also do a couple of Windows full image backups per week but not daily.

OK so, YES, ransomware COULD affect my internal backup drive. I also do weekly images to an external drive. It seems to me that the most that I could lose would be within a week.

Are you safe? No one can truly answer that. With MBAM Pro I think that you are probably as safe as can reasonably be unless you want to sand box your system.

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.


 Post Posted: Wed Dec 14, 2016 10:52 pm 
welcoming committee

Joined: Fri Nov 30, 2012 12:47 am
Posts: 2432
Location: North Central Arkansas
Jay, thanks for your thoughts. I also do several weekly backups using both Acronis and Macrium, mostly to external drives. So like you, I could hopefully recover and lose less than a week's worth of stuff. But you know me....I still worry. Although I know several CH members who use Sandboxie, that's not really something I want to do at this time.

Happy Holidays to you and everyone else..........

_________________
BB
http://barrypatch.net


 Post Posted: Wed Dec 14, 2016 11:34 pm 
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9484
Location: The state of confusion; I just use Wyoming for mail.
Happy Holidays back at you. :)

I DID also run the MBAM anti-ransomware free version but that seems to have disappeared with my last MBAM update. It is no longer listed in Programs and Features so I assume that it is now included in MBAM Pro but cannot say that for fact. In another thread someone, I think it may have been Pete, suggested that this might happen.

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.


 Post Posted: Thu Dec 15, 2016 10:16 am 
welcoming committee

Joined: Wed Apr 11, 2012 6:45 am
Posts: 1073
bbarry, I use two programs, either one of which, alone, should stop ransomware.

First is Sandboxie, https://www.sandboxie.com/ Unless I am doing Microsoft updates or updating another program, I always surf and use my email client in Sandboxie. In the unlikely event I would download malware, it is trapped in the sandbox, unable to infect the system. As soon as you delete the sandbox, which I ALWAYS do when I am finished surfing or reading email, EVERYTHING inside the sandbox gets deleted, which would, of course, include the baddies; the baddies never saw your system's C: drive.

The other program is ShadowDefender, http://www.shadowdefender.com/ This is an amazingly powerful program that freezes your entire C: drive, and ALL OTHER DRIVES, even external, in the state that they are in when you freeze them; all changes are wiped out when you reboot. The other amazing thing about this program is its simplicity; it is so easy to use. Now you must understand the power of this program because it can hurt you. If you worked on a Word document or Excel spreadsheet, did Microsoft updates, or updated another program, EVERYTHING is wiped out and you start fresh, as if you had never even used your pc. So you MUST have this program turned off when doing any program updating. There is a way to "commit" a document. This feature "punches a hole" in ShadowDefender and allows you to save that document, AND ONLY THAT DOCUMENT, onto your C: drive. Again, I must repeat how easy this program is to use; Sandboxie can get complicated depending on how you use it. I have used both Sandboxie and ShadowDefender for years without any problems, and I usually use them together.

Of course I am still a very firm believer in anti-Viruses and Malwarebytes, the more safety nets, the better. :gunner:
Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


 Post Posted: Thu Dec 15, 2016 10:39 am 
welcoming committee

Joined: Thu Mar 22, 2012 1:35 am
Posts: 715
My take is to never click on anything that somebody else sent you. Go there directly. And as Jay, have an image backup that allows you to restore and recover from any "little" mistakes.

There's lots of other software that can be used but if you can recover from an oops easily they really aren't needed.

_________________
Best regards,
Manny Carvalho
MS-MVP since 2002


 Post Posted: Thu Dec 15, 2016 11:39 am 
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
I totally agree with Manny. On my work machine, I take incrementals every hour. My other images are all off line.

The first and foremost protection is Sandboxie. Not using it is a fatal mistake.

As to MBAM Pro, in testing against real malware, I would say 2.0 is not effective. 3.0 was, but there is a bug that can cause imaging programs to fill your hard drive with junk.

The one place where imaging is a big help is with secondary internal drives. I have two other internal drives and they are too big to image.


 Post Posted: Thu Dec 15, 2016 12:44 pm 
welcoming committee

Joined: Wed Apr 11, 2012 6:45 am
Posts: 1073
Yes, I must agree, backups are always the best.
Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


 Post Posted: Thu Dec 15, 2016 1:31 pm 
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
The thing that never gets mentioned is checking the address of links in emails or in your browser. You can always see where a link is pointing to by simply hovering over it. You'll see it either in a tooltip or in the status bar of your browser or email client - showing the status bar is a must! Look at the first domain listed in the URL, just ignore everything after that. microsoft.xyw.com, is not the Microsoft domain. Only xyw.microsoft.com actually belongs to Microsoft.

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


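Patty's rule of reading the domain a link really points to, worked through as an added example (this is not code from the post or from any product named in the thread): a small Python helper that pulls the registrable domain out of a URL, so that microsoft.xyw.com resolves to xyw.com while xyw.microsoft.com resolves to microsoft.com, and a second check that flags a link whose visible text names a different domain than its real href. The tiny suffix table is an assumption standing in for the full Public Suffix List; the sample URLs are constructed.

```python
from typing import Optional
from urllib.parse import urlparse

# Constructed, deliberately tiny stand-in for the Public Suffix List (assumption);
# a real check should load the full list so multi-label suffixes like co.uk are complete.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk", "com.au"}


def registrable_domain(url: str) -> Optional[str]:
    """Return the domain that actually owns a link, e.g. 'xyw.com' for
    https://microsoft.xyw.com/login, or None if no registrable domain is found."""
    # urlparse needs a scheme to split the host off; bare hosts are common in email text
    parsed = urlparse(url if "://" in url else "http://" + url)
    # .hostname drops any user@ prefix, port and path, so
    # http://microsoft.com@evil.com/ resolves to evil.com, not microsoft.com
    host = (parsed.hostname or "").lower().rstrip(".")
    if not host:
        return None
    labels = host.split(".")
    # Prefer the longest public suffix that matches (co.uk before uk); the
    # registrable domain is that suffix plus exactly one more label to its left.
    for n in (2, 1):
        if len(labels) > n and ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[-(n + 1):])
    return None


def belongs_to(url: str, expected_domain: str) -> bool:
    """True only if the link's owning domain is exactly the expected one."""
    return registrable_domain(url) == expected_domain.lower()


def visible_text_mismatch(link_text: str, href: str) -> bool:
    """Flag a link whose visible text names a domain that differs from where
    the href really points (the classic 'looks like paypal.com' phish)."""
    text = link_text.strip()
    if "." not in text or " " in text:
        return False  # text like "Click here" makes no domain claim
    claimed = registrable_domain(text)
    if claimed is None:
        return False
    return claimed != registrable_domain(href)


if __name__ == "__main__":
    for sample in ("https://xyw.microsoft.com/", "https://microsoft.xyw.com/login",
                   "http://microsoft.com@evil.com/", "https://microsoft.com.xyw.com/"):
        print(f"{sample:38} -> {registrable_domain(sample)}"
              f"  microsoft? {belongs_to(sample, 'microsoft.com')}")
```

Hovering shows the raw URL; this is the same judgement made explicit: everything left of the owning domain is under the link owner's control, and a familiar name in that position (or in the link's visible text) proves nothing.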
 Post Posted: Thu Dec 15, 2016 5:15 pm 
welcoming committee

Joined: Fri Nov 30, 2012 12:47 am
Posts: 2432
Location: North Central Arkansas
This has been a good discussion, and I have learned a lot about the cautionary measures that other members utilize. I also now feel a little better about my own internet activities. I almost always do as Manny suggested and go directly to the website rather than clicking on a link that someone sends me. I also do as Patty suggested and hover over a link to get a good feeling about the address before I click on it. Same with junk emails. And the culprits certainly try to fool us by embedding names that we are familiar with (e.g., Microsoft, Google).

I know that several of you use Sandboxie (Pete, Acadia), but I'm still reluctant to use that program because for me, less complication is better as long as I am reasonably protected. And in that regard, same applies to ShadowDefender....I know I would hurt myself with that program, as Acadia warns.

Pete, I understand that you have a customer base you must protect and therefore you need to take every precautionary measure that you can. This may be the same for Acadia....I don't know. But Pete, I do have a question. You confused me when discussing the versions of MBAM Pro (i.e., 2.0 vs 3.0). The version I am running is 2.2.1.1043. Is there a known problem with the images this version creates?

At this point, I think I will continue to rely on MBAM and Windows Defender, along with many image backups in case I make a mistake or have an 'oops', as Manny says. Jay will attest to the fact that I probably create too many weekly image backups. I have complete backups on a second internal drive and on three external drives. One of the externals is kept away from my home, and I try to update it every 2 weeks. All my data files are saved using copy/paste to a flash drive, plus I use File History.

Again, thanks to everyone for 'talking' to me about ransomware prevention.

_________________
BB
http://barrypatch.net


 Post Posted: Thu Dec 15, 2016 6:25 pm 
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
Hi BB

No, there is no problem with images from 2.0. There is also no real ransomware protection. The new version 3.0 has the ransomware protection. It is the one with the image problem, and until they fix it, it's not insurmountable.


Pete


 Post Posted: Fri Dec 16, 2016 9:29 am 
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
Wow... no sooner do I mention the thing about the IP address showing up in the status bar, than I get a phishing email that doesn't display any address at all when you hover over their links! I've never seen that before.

It was from "Paypal" and was supposedly a response to a request for help from their Customer Service (which I did not do). Not only that, but it had a green banner across the top which purported to be from Microsoft and said it was from a safe sender. Yet no indication of where the "Paypal" links (and they did appear to be links - in other words the cursor turned into a hand) pointed to.

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


 Post Posted: Fri Dec 16, 2016 9:55 am 
Resident Geekazoid Administrator

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9484
Location: The state of confusion; I just use Wyoming for mail.
That can easily be done with JavaScript Patty.

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.


 Post Posted: Fri Dec 16, 2016 9:57 am 
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
That may be, but I've never seen it done before. And Microsoft did not catch it as either junk nor scam.

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


 Post Posted: Fri Dec 16, 2016 10:02 am 
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
MacDuffie wrote:
That may be, but I've never seen it done before. And Microsoft did not catch it as either junk nor scam.


Hi Patty

Could you forward that email to me at Peter2150 at aol dot com? I'd like to have a play with it. Not surprised it wasn't caught. These guys have figured out how to bypass all the traditional solutions.

Pete


 Post Posted: Fri Dec 16, 2016 11:26 am 
Fearless Leader

Joined: Wed Mar 21, 2012 5:42 am
Posts: 2819
I could, but it won't show you anything. I reported it as a phishing scam, it now sits in my deleted items, but all links have been removed, it all just looks like regular text now. There really isn't anything to see. Do you still want it?

_________________
Patty MacDuffie
Computer Haven Administrator

Live Long and Prosper
Mr. Spock


 Post Posted: Fri Dec 16, 2016 1:56 pm 
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
No thanks. I wanted to test its nasty aspects. When I have time I like to play with these nasty emails, of course on a well protected system and also in a VM.


 Post Posted: Sun Dec 18, 2016 12:58 pm 
welcoming committee

Joined: Wed Apr 11, 2012 6:45 am
Posts: 1073
I would like to add one last thing to this very educational thread. Backups are always the best recovery, but you would need to know that you are infected to know that you need to conduct a recovery. If your AV and/or Malwarebytes missed a new baddie, you are infected. The neat thing with Sandboxie and/or ShadowDefender is that you do not even need to know that you are infected, they will always recover you automatically anyways. I am still learning, am I missing something here?

Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


 Post Posted: Mon Dec 19, 2016 11:40 am 
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
Hi Acadia and all.

I would say yes, you are. It's true, both Sandboxie and Shadowdefender will get rid of the offending malware, and also should prevent ransomware from hurting you, but malware can still do a lot of damage before you delete it.

I much prefer shutting down before it gets a chance to do any damage.

I've been doing some testing with real live malware, and in one case I am surprised by the positive results. Going to do some additional testing over the holidays and then will post.

CAUTION. Don't play with malware unless you have the right set up and know what you are doing.


 Post Posted: Mon Dec 19, 2016 11:58 am 
welcoming committee

Joined: Fri Nov 30, 2012 12:47 am
Posts: 2432
Location: North Central Arkansas
OK Pete, I know you are computer smarter than me, and you confuse me sometimes, lol. In this case, what do you mean by:
I much prefer shutting down before it gets a chance to do any damage.
Just how do you do that?

...in one case I am surprised by the positive results.
Positive in what way?

Thanks for the education........BB

_________________
BB
http://barrypatch.net


 Post Posted: Mon Dec 19, 2016 1:06 pm 
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
Sometimes my typing can't keep up with my brain. What I meant is shutting down the malware before it can do any damage. Some of the programs just delete it but don't stop the malware from running. I want both: to stop it and delete it.

The surprise I got was a program that I didn't think would be protection against all attacks, but it has proven so far to be just that. It's just premature to make a blanket statement.


 Post Posted: Mon Dec 19, 2016 2:03 pm 
welcoming committee

Joined: Sun Apr 15, 2012 5:52 pm
Posts: 970
Let me clarify the above with an example. Although this was Sandboxie, it would be equally true with Shadow Defender.

Traditional AV-type software: it detects a piece of malware, and it stops it from running. It may quarantine it but leaves it on your system.

A few years back I tested a nasty virus against Sandboxie. When this thing ran, it set the screen flashing with crazy lights and patterns. You couldn't access anything, either with screen or keyboard. Your only option was a reboot. Once you rebooted, the virus owned your system. It was game over. Now, re-running it in the sandbox: same thing. Flashing lights, locked keyboard, etc. Totally the same thing. Still had to reboot, and here was the HUGE difference. The system was clean; it never got infected. Delete the sandbox and it was all gone.

Does that make it clearer?

Pete


 Post Posted: Mon Dec 19, 2016 2:57 pm 
welcoming committee

Joined: Fri Nov 30, 2012 12:47 am
Posts: 2432
Location: North Central Arkansas
Yes, Pete - thanks. I would be interested to know more about the system/program that is giving you such positive results, once you think it is time to share.

This may be a false assumption, but it looks to me like you purposely seek malware to attack your system so that you can test the various means of stopping it from doing damage. I guess what I'm asking.....if you don't invite malware onboard your computer, do you really get that many attacks? On your office computers? On your home computers?

Knock on wood, I've never had flashing lights and crazy patterns, nor ransomware like what infected my sister's computer last year (she clicked when she shouldn't have). I do take some precautionary measures, but not nearly as many as you and Acadia (and perhaps other CH members). Just curious....

Thanks again for the info...

_________________
BB
http://barrypatch.net


 Post Posted: Mon Dec 19, 2016 3:41 pm 
welcoming committee

Joined: Wed Apr 11, 2012 6:45 am
Posts: 1073
I have stated this so many times in the Haven, and other forums ... SandBoxie and ShadowDefender only protect you when they KILL the malware. But while you are "alive" and surfing, the malware, if you somehow acquired it, is still alive, yes trapped inside of either program, but still able to function. Now the neat thing, one of MANY neat things about these two programs, is that they allow things IN but not out. Now, what the hell does that mean? Your security program, AVs, MVs, etc, are able to get into the "sandbox" to scan, but the bad guy still cannot get out. Yes that is right, if a virus or much more brutal cousin, Trojan, is found, it is deleted. Of course this is almost a moot point because as soon as you kill the sandbox, it is gone anyway.

I have posted this MANY TIMES: here is what the creator of Sandboxie stated:
https://www.sandboxie.com/index.php?DetectingKeyLoggers

Long story made short: always kill the sandbox created by Sandboxie in order to kill any and all bad guys that you may have acquired during your surfing. Then start surfing again to your financial site in a new sandbox, free of EVERYTHING!!

Yes, yes, I know, this may not be newbie stuff. ShadowDefender is easier to use but more brutal if you do newbie mistakes. The neat thing about ShadowDefender is that, if you understand its power, it KILLS everything that you did that day, good or bad.

Acadia

_________________
The blazing evidence of immortality is our dissatisfaction with any other solution. -- Emerson


 Post Posted: Mon Dec 19, 2016 6:14 pm 
welcoming committee

Joined: Sun Apr 15, 2012 8:32 am
Posts: 105
I just saw an advertisement for something called Ransomfree. It's from a company called Cybereason. Does anyone have any information on this program or its parent company? (Cybereason.com)

Right now Ransomfree is a free download. Before I download anything I want to know about it. Any information would be appreciated.

