Would you like some protection against Ransomware without feeling as if you are paying a king’s ransom for peace of mind?

In the wake of the WannaCry ransomware attack a few weeks ago, I started a hunt to find some method of guarding against a future attack without having to pay for another layer of antivirus/antimalware protection.


Malwarebytes Premium is priced per machine per annum

You might well ask why your current antivirus protection doesn’t cover against ransomware. Well, maybe it does – but only ransomware that it has seen before. The WannaCry attack was what is known as a “zero day attack”: unknown to antivirus/antimalware protection and, therefore, unrecognised by it. “So”, you think, “what we need is protection that recognises something it’s not seen before”. Well, Malwarebytes (amongst others) does now claim to protect against new types of ransomware – but only if you invest in their “premium” version. This comes in at a slightly eye-watering £29.99 PER PC PER YEAR. Maybe that’s a small price when you consider the potential cost of losing all of your data files, but it’s quite a lot if your opinion is that the chances of being attacked are low. In a world where we get used to buying apps for our iPhones for about £0.69, this looks a bit expensive – especially as it’s an annual subscription and not a one-off purchase, and you need a separate subscription for each PC that you have.

So, I cast my net a bit wider. Knowing that I would want to write a blog post about it, and assuming that my clients are like me in not wanting to feel as if they’re paying a ransom to protect themselves from ransomware, I decided that I was only interested in trying free products. I found just one, called RansomFree, from an organisation called Cybereason.

I installed this on my “main” laptop on 26th May and made a mental note to keep my eyes open for any adverse effects. There haven’t been any. It’s true that my Dell XPS 15 laptop is fairly new and has a good specification, so any adverse effect on performance would, indeed, be a bad sign. I’ve run antivirus scans (back to using Windows Defender at the moment because Avira drove me bonkers with its popups) and I’ve run antimalware scans (using Malwarebytes Free), and RansomFree does not seem to have upset these either.

So, now I feel reasonably confident in recommending RansomFree if you are bothered by the thought of ransomware but don’t want to fork out good money for protection against it (which, let’s face it, may or may not work against a threat whose exact nature and profile is hitherto unknown).

There are some interesting features of RansomFree:

  • It doesn’t aim to identify the threat by recognising a file or file type or code within the file that’s characteristic of the threat it’s looking for. Instead it keeps an eye on actual behaviour in your system. To this end, it sets traps by creating typical-looking files and watches to see if anything attempts to mess with any of those files. If anything happens to any of them, it immediately stops the process involved, alerts you and sets in motion the steps to eliminate the threat. I must say that I was a bit caught out when I spotted some odd looking folders on my system with some oddly named files (see the example below). It’s a bit untidy having “unreal” files and folders on the system, but that’s probably a price worth paying.
  • The next interesting feature follows from the first in that, because RansomFree is looking for BEHAVIOUR, and not looking for specific nasty programs, it doesn’t need to be updated with knowledge of the latest threats (unlike antivirus and antimalware protection). It needs no maintenance from the user. Just install it and forget it.
  • Finally, RansomFree only needs to be installed on one machine in a local network. It then looks after the rest of the network. It should be noted, though, that RansomFree only works on Windows machines.
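The bait-file idea in the first bullet can be illustrated with a short added example; it is not RansomFree's code and not from Cybereason. It polls SHA-256 hashes of the bait files rather than intercepting file operations, it only reports and does not stop any process, and the file names and the `plant_bait`/`check_bait` helpers are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed bait names (an assumption): a leading "!" sorts them first, so a
# process that walks a folder in name order reaches them before real files.
BAIT_NAMES = ["!000_accounts.docx", "!000_photos.jpg", "!000_passwords.txt"]

def _digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def plant_bait(folder):
    """Create the bait files in `folder`; return {Path: sha256} as a baseline."""
    folder = Path(folder)
    folder.mkdir(parents=True, exist_ok=True)
    baseline = {}
    for name in BAIT_NAMES:
        path = folder / name
        path.write_bytes(os.urandom(64) + b"\nbait file, do not edit\n")
        baseline[path] = _digest(path)
    return baseline

def check_bait(baseline):
    """Return (path, reason) for every sign that the bait was disturbed."""
    alerts = []
    for path, expected in baseline.items():
        if not path.exists():
            alerts.append((path, "missing"))     # deleted or renamed
        elif _digest(path) != expected:
            alerts.append((path, "modified"))    # contents rewritten
    # A new file beside the bait (e.g. a renamed copy) is also suspicious.
    folder = next(iter(baseline)).parent
    for path in sorted(folder.iterdir()):
        if path not in baseline:
            alerts.append((path, "unexpected"))
    return alerts

def demo():
    """Disturb two bait files inside a temporary folder and report the alerts."""
    with tempfile.TemporaryDirectory() as tmp:
        baseline = plant_bait(Path(tmp) / "bait")
        docx, jpg, _txt = baseline               # keys, in BAIT_NAMES order
        docx.write_bytes(b"overwritten")         # simulated content change
        jpg.rename(jpg.with_name(jpg.name + ".locked"))  # simulated rename
        return [reason for _path, reason in check_bait(baseline)]

if __name__ == "__main__":
    print(demo())
```

Because nothing legitimate should ever touch the bait files, any alert is worth investigating, which is why this approach needs no signature updates.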


One of the “bogus” folders RansomFree has put on my c: drive

I don’t know how good RansomFree is going to prove to be at doing its job (and hope I never find out!). What I do know is that I’m happy to have expended the initial time and energy in finding the program as I can now pass it on to you and that, after all, is my job. After reading this post, you can now install it just by clicking this link – and following the instructions.

If it makes you feel slightly less insecure then that, after all, is one of the benefits of any insurance policy – and the premiums are pretty low!

What is “Ask.com” and how did its toolbar get into my browser?


The “Ask” logo. Beware.

Ask.com is a search engine, so you would expect it to be similar to Google, Bing, Yahoo Search, and DuckDuckGo.

Superficially, it is the same. The main obvious difference is that Ask.com (that has now gone back to calling itself “Ask Jeeves”) provides information by responding to questions – eg “What is the nickname of Lincoln City football club?”.

Apart from the fact that it doesn’t actually answer the question in any meaningful way, there are many claims around the internet that the results from Ask.com are inferior, that paid listings are disguised as free listings, and that they engage in dodgy practices. One of these, for instance, is that the white space around a paid ad is also “clickable” such that clicking in the white space will take the visitor to the advertised web page unintentionally (source).


One incarnation of the “Ask Jeeves” character. Not as harmless and friendly as he looks.

Probably more importantly, though, Ask manages to install an insidious “toolbar” onto your browser without your explicit permission. There are companies out there who have done a deal with Ask whereby installing or upgrading that company’s product will cause the Ask toolbar to be installed unless you explicitly untick a check box. This is underhand, devious, nasty. What is worse, another thing that happens is that Ask may “take over” the entire “search” function of your browser and may even set itself as your browser’s home page.

I have also read of a shameful practice whereby there is a time delay between installing something that has dragged “Ask.com” along with it, and the manifestation of “Ask.com” in your browser. So, when it does make itself known to you, you won’t make the connection with the action that introduced it. This is unforgiveable. I can think of no legitimate purpose for this time delay. Without reservation, I advise all my computer support clients to uninstall Ask.com and its toolbar. None of them has ever protested!

Most antimalware programs (such as Malwarebytes) consider Ask.com and its nasty toolbar to be “PUPs” – ie “Potentially Unwanted Programs”. This means that they are (rightly) classified as malware and antimalware programs will offer to remove all traces of Ask.

If you should happen to inadvertently introduce it onto your computer it can be tricky to get rid of it. There’s not enough room in this post to go into detail about all of the possibilities for removal, but these are the general areas to check out:

  • On a Windows computer, check out the Control Panel’s “Programs and Features” to see if there’s anything there that you can uninstall (there may be, or there may not be). In Windows XP (tut tut, if you are still using it), look for “Add and Remove Programs” in the Control Panel.
  • In your browser, look for the option that lets you stipulate your chosen search engine and change it from Ask.com.
  • If it’s hijacked your home page, then look for the option to change that as well.
  • Run an antimalware program (such as Malwarebytes) and confirm that you would like the program to remove it after it has been identified.

The best way to stop it getting onto your computer in the first place is to be very careful when installing ANY software that there isn’t a notice (with a ticked box) saying it will install Ask.com or its toolbar. If there is such a box, make sure you untick it.

Also, be very careful downloading anything at all from software download sites such as Softonic, Brothersoft, or Cnet. They have their own “installers” that will try and sneak rubbish like Ask.com past you when installing something else. I have deliberately not provided hyperlinks for those three sites as I don’t encourage anyone to use them. Always, always, always, try to download software from the site of the creators of that software. Downloading from anywhere else means that you run the risk that devious sites will try and sneak something past you.


The Lincoln Imp

Sorry if all of this sounds a bit negative, but this is the reality. The internet is global and it’s open to all. That means that it attracts the morally-challenged as well as decent companies and people. I wouldn’t want to put anyone off from using the internet. That would be throwing out the baby with the bathwater. Nevertheless, we do have to be careful whenever we download anything.

Note that there is a comprehensive guide to removing Ask.com at Malwaretips.

Answer: “The Imps” or “The Red Imps”. Why? – see http://lincolncathedral.com/visit-us/lincoln-imp/

You are browsing the web when a popup message box suddenly appears suggesting that you have been infected with something, or are at risk of something, or you are being offered something unexpectedly (and suspiciously).

You don’t know whether it’s genuine or not and you may or may not be familiar with the website that you are visiting.

The options it seems to offer may be clear or ambiguous, attractive or unappealing, well-written or illiterate. Actually, none of that matters very much. What matters is whether you think that the message is genuine or is something you would prefer hadn’t popped up and which you’d like to get away from as quickly as possible. If you think that the message is benign and you are prepared to go along with what it suggests then the rest of this article does not apply.

If you are still reading, then you are concerned about the situation and you do not trust the message.

What do you do?

My advice is straightforward:

DO NOT

  • Click on the option that seems to offer a solution to a problem you didn’t have 30 seconds ago (and which you probably don’t have now)
  • Spend five minutes agonising over the potential consequences of the different options.
  • Try to work out the motivation of the perpetrators
  • Click on the “X” at the top right-hand corner of the box to close it. Note: I just said DO NOT click on the “X” ……….

DO

  • Get out of the situation ASAP

    Clicking on any button in the box – even the “close” button – can have any consequence that the perpetrator has designed. All (s)he is interested in is getting you to click on something so that the master plan is triggered into action. I repeat, do not click on ANYTHING in the box – even the close button.

    Instead, close the browser (Internet Explorer, Firefox etc) immediately using the Task Manager. This is achieved as follows:


    1) Right-click on the clock at the bottom right-hand corner of the screen.
    2) Left-click on the “Task Manager” option.
    3) Left-click on the “Applications” tab.
    4) Look for the line(s) in the list that relate to your internet browser. In the example here I have four different browsers running – Chrome, Opera, Firefox, and Internet Explorer. Note that the description against each browser icon is the title of the web page that is being displayed in that browser window at the moment (eg I am looking at the BBC website in my Chrome browser). In this example, I have no programs loaded other than the four browsers. You would normally see the entry for your browser amongst entries for other open programs (eg Word, Excel).
    5) Click on the line for the browser in which the popup has just occurred.
    6) Click the “End Task” button.
    7) If you happen to have that browser open in several windows, such that there are several lines for it in the Task Manager, then I would recommend closing all of them.
    8) Close the Windows Task Manager by clicking on the “X” (top right-hand corner).

  • Run the “on demand” scanner of your antivirus program to check whether your machine has been infected

    As far as I know, all antivirus programs have the ability to run a complete scan of your computer “on demand”. If you can find that option and run it then it will provide some peace of mind. If you can’t find this option then your antivirus program is probably set to run a complete scan automatically once a day anyway so you will probably know in 24 hours if you did, in fact, “catch” something.
  • Consider downloading and running an antimalware program

    Be very very careful if downloading any other antimalware program as some of the offerings are exactly the opposite – malware disguised as antimalware.

If you need more help, remember that my remote control support service is available – see http://www.davidleonard.net/remote-support/

© 2011-2017 David Leonard