Introducing the Malwarebytes Anti-Ransomware Beta

Brink



For the last four years, ransomware has evolved into one of the biggest threats to cyber security that I’ve seen in a long time. Names like CryptoLocker, CryptoWall, and CTBLocker keep average computer users and IT security Jedis alike up at night. For good reason: Ransomware is cunning, effective, and proliferating, and the cyber security industry hasn’t really had an answer for it.

But we’ve got one now.

Ransomware is easy to understand but hard to beat. It infects the machine, encrypts all files and then demands payment to get the files back. Ransomware works so well that most variants will even remove themselves when the damage is done, knowing you have the choice of either paying the ransomware author to get your files back, or risk losing them forever.

The ransomware we see today is so sophisticated that the advanced encryption it uses makes it impossible to get your files back without paying the ransom. Even using backup systems isn’t an effective countermeasure because ransomware would actively look for different types of backup systems and encrypt them, too.

Most of today’s security software simply cannot protect you from ransomware. Ransomware does not act like traditional malware: some are automatically updated every day, and even use polymorphic (shapeshifting!) code to evade detection. This makes it exceedingly hard to detect.

This is the type of challenge we love. When ransomware hit the headlines, we immediately started looking for a long-term answer.

Our answer started with a company named EasySync Solutions, owned by Nathan Scott, which created an application called CryptoMonitor.

CryptoMonitor was doing an excellent job of stopping ransomware at that time, but having a few ideas of our own, we acquired EasySync Solutions and hired Nathan to come work on stopping ransomware for us. Nathan has been leading the anti-ransomware technology development at Malwarebytes for the last few months.

Now I’m stoked to announce that after months of late nights and a few hundred gallons of Red Bull, Malwarebytes Anti-Ransomware is ready for beta testing.



Malwarebytes Anti-Ransomware uses advanced proactive technology that monitors what ransomware is doing and stops it cold before it even touches your files. It has no shot at encrypting. And it does not rely on signatures or heuristics, so it’s light and completely compatible with antivirus.

These methods proved to be so successful at stopping ransomware that Malwarebytes Anti-Ransomware detected all of the latest and most dangerous ransomware variants right out of development and into beta 1.

This means when running Malwarebytes Anti-Ransomware, you do not have to worry about getting infected by CryptoLocker, CryptoWall, or CTBLocker. Better yet, it can defeat new ransomware the moment it is released, proactively protecting you from ransomware that’s never even been seen before.

Malwarebytes Anti-Ransomware open beta starts today and is available for anyone to install and try out. Please keep in mind that this is the first beta and there may be some bugs or issues that need to be worked out, so we encourage you to try it out in a non-production environment first.

Any comments, feedback, or bug reports are welcome. You can find more information about participating in the Malwarebytes Anti-Ransomware beta HERE.




Source: Introducing the Malwarebytes Anti-Ransomware Beta | Malwarebytes Unpacked


Download: Introducing Malwarebytes Anti-Ransomware - Malwarebytes Anti-Ransomware Beta - Malwarebytes Forum
 

Interesting piece of software. I might give it a try.
I've had CryptoPrevent installed on my systems for a couple of years. It hasn't been updated for a while but reports say it does an effective job.
 

If one regularly backs up their data like they are supposed to, one will not need this software.
 

If one regularly backs up their data like they are supposed to, one will not need this software.

Prevention would be better though. ;)

If one already has adequate anti-virus and anti-malware protection, prevention should be already there.

This is a different "layer" of protection against a specific type of threat.
The product is a continuation of "CryptoMonitor".

(If the standard AVs were good at preventing ransomware infections, then there would have been no development of specific anti-ransomware tools and computer disinfection fora wouldn't be completely flooded with reports from infected users. ;))

Just my two cents' and worth less,

MM
 

True, Lady F, but I'm with Shawn on this.
Some of these ransomware strains aren't being picked up by traditional AV or AM.

I do have two separate backups for all my data so it's a low risk, but I'm not taking any chances with ransomware. I'd rather not let it get anywhere near my systems in the first place. This isn't just your average virus, it can do tremendous damage. It's fine having backups, but the thing with ransomware is you don't always know you've got it until it's encrypted all your files. By that time it's too late. There's a chance of it encrypting your backup drives/cloud backups while they are connected.
These viruses are definitely improving and getting harder to detect and the more money criminals make, the more effort they'll put into ransomware. I would never pay, as I don't believe in feeding these criminals. But a lot of people are, and these criminals are making a lot of money from it. There will be a lot more of these types of virus appearing in future.

I do think this is something they should integrate into MBAM, along with Anti-Exploit. Instead of having to install 3 different pieces of software.
 

I do think this is something they should integrate into MBAM, along with Anti-Exploit. Instead of having to install 3 different pieces of software.

That suggestion is a good one, and it echoes those made by others, e.g. here :)
The anti-rootkit technology of Malwarebytes Anti-Rootkit Beta (MBAR-beta) was incorporated into MBAM quite a long while ago.

Having said that, the more complex the application (or "suite") becomes, the harder it becomes to code it without breaking one piece or another.
So, there is some value to developing and maintaining separate tools for separate tasks.
It allows the programmers to be more "nimble" when they need to change the engine/technology for a particular application.
That was the rationale provided by Malwarebytes staff when asked about why MBAR-beta is maintained as a standalone.

Having said all that, I am just a home user and do not work for Malwarebytes. I am not a software developer, either. My opinions are mine alone. There may well be an intent to eventually combine MBAM + MBAE + MBARW.

The company is currently soliciting feedback from MBAM users for both BUGFIXES and PRODUCT FEATURES. :)
So, you might want to participate in either or both of those fora.
And there is a special forum for MBARW-BETA HERE, for similar feedback.

Cheers,
MM
 

...This is a different "layer" of protection against a specific type of threat.
The product is a continuation of "CryptoMonitor".

(If the standard AVs were good at preventing ransomware infections, then there would have been no development of specific anti-ransomware tools and computer disinfection fora wouldn't be completely flooded with reports from infected users. ;))...

MM

Exactly!
 

True, Lady F, but I'm with Shawn on this.
Some of these ransomware strains aren't being picked up by traditional AV or AM.

I do have two separate backups for all my data so it's a low risk, but I'm not taking any chances with ransomware. I'd rather not let it get anywhere near my systems in the first place. This isn't just your average virus, it can do tremendous damage. It's fine having backups, but the thing with ransomware is you don't always know you've got it until it's encrypted all your files. By that time it's too late. There's a chance of it encrypting your backup drives/cloud backups while they are connected.
These viruses are definitely improving and getting harder to detect and the more money criminals make, the more effort they'll put into ransomware. I would never pay, as I don't believe in feeding these criminals. But a lot of people are, and these criminals are making a lot of money from it. There will be a lot more of these types of virus appearing in future.

I do think this is something they should integrate into MBAM, along with Anti-Exploit. Instead of having to install 3 different pieces of software.

If you have a proper backup scheme, your data will still be protected from ransomware. To be properly protected, your data needs to exist in three, separate places, two of them not connected to the computer except when updating the backup and one of those kept offsite.
 

CryptoPrevent stopped the ransomware shown below.

MBARW quarantined the EXE - but it was too late.

MBARW.PNG
 

CryptoPrevent stopped the ransomware shown below.

MBARW quarantined the EXE - but it was too late.

View attachment 380561

It's a BETA product, @UNI.

The devs welcome your input HERE to help improve the program. :)

Having said that, I'm not here either to bash it or to defend it. ;)

Cheers,
MM
 

Since the MBARW code is building on CryptoMonitor, I would expect a bit more product maturity. Even in the BETA release.


I don't suggest CryptoPrevent for the average user. You have to know when/how to turn it off. If the Filter Module is turned on and the Windows On-Screen keyboard is started - the computer goes into an UAC loop. The user will have to hold the power button in to shut down the computer.
 

Thanks for the heads up, UNI :)
I never see many reasons to use betaware; life is already interesting enough ;)
 

CryptoPrevent stopped the ransomware shown below.

MBARW quarantined the EXE - but it was too late.

View attachment 380561

Did the encryption start on your test, UNI?
Looking through the known issues on beta1, it states that in some cases the popup and help txt files can still show; however, the encryption gets blocked successfully.
 

Malwarebytes Anti-Ransomware



Just another tool in the good guys' toolbox. We need all the tools we can get.
Backups are another tool. One tool doesn't replace the other.



I know a young lady that does several backups. No harm done. It's one of those, (Just in Case) things.
Malwarebytes Anti Ransomware is another (Just in Case) program. One never knows what is coming down the pike in full attack mode. The bad guys don't seem to take vacations.

The first line of defense against ransomware is stopping it before it gets on your computer.
If plan "A" fails for whatever reason then of course a backup would be plan "B".
 
