Every antivirus package claims it can protect you from ransomware, but that might not always mean what you think. Detecting and blocking a threat is a good start, for instance, but can your antivirus also recover anything the infection managed to encrypt? If not, you could be in trouble.
There are also no guarantees that your antivirus behavior monitoring will spot an undiscovered threat. And if it doesn't, your problems will get even worse.
If you're particularly concerned about ransomware, switching antivirus could help. Some packages track malicious file changes, allowing them to recover lost data. Others allow only trusted applications to access your files, a smart approach which should block both known and undiscovered threats.
The other option is to run a second malware detector alongside your existing antivirus. This should improve the chance of detecting an infection, and may help you recover any damaged data afterwards.
There are a range of free anti-ransomware tools which could help, but commercial products often have more features and a better track record. Here are five great examples of paid products which could help you keep ransomware at bay.
- We’ve also picked out the very best antivirus software
AppCheck Pro is a special anti-ransomware app which aims to detect and block even the latest undiscovered threats.
The program runs alongside your antivirus, watching all running processes for ransomware-like behavior. AppCheck's sophisticated engine keeps an eye on your MBR (Master Boot Record) and GPT (GUID Partition Table) as well as your files. Malware is blocked as soon as it's spotted, and can be automatically removed.
Many antivirus apps can do much the same, but AppCheck goes further. It tracks changes made to key files, helping you restore files that were encrypted before the ransomware was stopped. And even if it can't block the threat, that doesn't have to be a problem – AppCheck can back up files in real-time as they're modified, an extra layer of protection that (almost) guarantees your data safety.
Sounds great, but can the program live up to its promises? To find out, we tested it with known ransomware and a brand-new ransomware simulator we wrote ourselves. AppCheck performed well, spotting and disabling both threats and recovering the small number of files our malware managed to encrypt. Both incidents were cleaned up within seconds without us losing any data at all.
A successful anti-ransomware strategy needs a capable antivirus engine to detect threats on sight, and Bitdefender is one of the best packages around. It regularly tops the rankings at the independent testing labs, for example blocking 100% of threats in each of the last four AV-Comparatives Real-World Protection Tests (July to October 2017).
Bitdefender offers a second layer of protection through its behavior monitoring engine, which looks out for ransomware-like actions and tries to stop threats before they can do any harm. We're unsure whether this is quite as powerful as some of the best specialist anti-ransomware apps, but it's still worth having.
Bitdefender's key anti-ransomware selling point is its Safe Files feature. This acts something like a firewall for your file system, preventing unauthorized programs changing any files in protected folders. By default this shields your major user profile folders – Documents, Pictures, Music and so on – and you can add others as required.
Safe Files is a powerful tool which really could save your data in the event of an attack, but it can sometimes cause issues with legitimate programs which need to write to protected folders. Run the trial version of Bitdefender Antivirus Plus before you buy to see how the system works for you.
Panda Internet Security's antivirus engine provides a strong first line of protection, blocking most ransomware before it can do any harm. No need to take our, or the company's, word for it – AV Comparatives Real-World Protection Tests show Panda blocking 100% of threats in each of the last four tests (July to October 2017).
An additional Data Shield tries to keep you safe from even brand new and undiscovered threats by allowing only trusted applications to access or change specific file types.
By default Data Shield protects Office documents, images, audio and video files, and automatically allows access to some common applications (Office, Windows Media Player, Paint, Notepad and so on). If that's not enough you can customize the settings to add new file types or trusted programs.
This is a smart idea which should block most ransomware, both now and in the future, but it does have problems of its own. As with all similar technologies, it can cause conflicts with legitimate applications which need to access protected files. This could be a hassle, particularly for users who are always installing and trying new software.
Although they look very different, most of the top anti-ransomware choices work in the same way. The assumption is that you're running an antivirus as a first line of protection, while they specialize in detecting ransomware only. This can work very well, but it's not your only option.
As you'll guess from the name, Webroot SecureAnywhere AntiVirus doesn't just protect you from ransomware – it's a full-strength antivirus tool. Install it alongside your existing antivirus and if one of the packages misses any type of threat, there's a chance it'll be caught by the other.
Forget the rule about ‘not installing two antivirus packages’; that doesn't apply here. Webroot SecureAnywhere AntiVirus is designed to run alongside other security software without causing conflicts. And the app is so fast and small that it won't slow you down. You'll barely know it's there.
Opting for a general antivirus tool doesn't mean you're missing out on ransomware protection, either. Webroot SecureAnywhere AntiVirus has a very handy extra in its ability to track file changes made by malware. Even if you do run into something nasty and it encrypts a few files before being stopped, Webroot will often be able to undo the changes and recover your original data.
ZoneAlarm Anti-Ransomware is an easy-to-use tool which can run alongside any antivirus to keep your system ransomware-free.
The program doesn't use signatures, and so won't waste your bandwidth by downloading regular updates. Instead ZoneAlarm monitors processes to check for suspect actions, allowing it to spot even brand new, previously unknown threats.
Our tests found ZoneAlarm performed very well with known ransomware, watching their activities, jumping into action when necessary, and restoring any encrypted files to ensure no data was lost.
The program failed a second test when it allowed our own simulated ransomware to encrypt thousands of files. While that's a concern, our test package wasn't real malware, so we can't penalize ZoneAlarm too heavily for ignoring it – especially when it killed the genuine ransomware with such ease.
- Remember that a VPN is also a key ingredient of online security these days