Acronis Ransomware Protection - Review 2022

Malware comes in many varieties, and theoretically your antivirus should handle them all. Even so, it'south smart to add an actress layer of ransomware protection. If your antivirus misses a brand-new Trojan or virus, well, it will probably catch it with the side by side update. Only removing ransomware doesn't undo the damage. You still don't have your encrypted files dorsum. That's why adding something like the free Acronis Ransomware Protection is a smart move.

Acronis introduced its Active Protection technology as role of its Acronis Truthful Image fill-in utility. Acronis Ransomware Protection offers precisely the same technology for gratuitous and throws in 5GB of hosted online fill-in every bit a second line of defence force. Naturally, the company hopes you lot'll like it so much that you jump for the paid backup product.

Getting Started With Acronis Ransomware Protection

Downloading the utility, signing up for an account, and running the installer takes just a few minutes. Later on a short tutorial, the product goes into action immediately, rating all agile processes as rubber or suspicious. Unlike the simple, static displays of RansomFree and Malwarebytes Anti-Ransomware Beta, Acronis shows a colorful moving graph of agile processes over the last few minutes. Green represents safety processes, while suspicious ones bear witness up as blue. A cerise line on the graph indicates detection of behavior suggesting ransomware.

Your setup isn't complete until you identify of import files for online backup. Doing so is as elementary as dropping files or directories on the plan's main window. Y'all tin add more files for protection at whatsoever fourth dimension, up to the 5GB limit.

Ransomware Blocking

When Acronis detects suspicious action, it pops up a warning window and asks you lot whether to trust or block the process. If you're busy using an archiving programme to shrink and encrypt files, merely click Trust. If the message is unexpected, click Block.

After you lot click Cake, another popup offers to recover any affected files. Note that this doesn't mean restoring from a backup. Acronis can recover whatsoever such files from its local cache. The fill-in is an boosted line of defense. On the run a risk that recovery wasn't effective, Acronis retains the encrypted files in a defended binder.

This 2d popup besides states, "You can blacklist this process to cake it permanently," which confused me just a scrap. There was no link to blacklist the program, and of course information technology didn't announced on the Manage Processes view because Acronis already terminated information technology.

I found that running the same sample twice and blocking information technology a second time got a slightly different result. The alert popup added a checkbox titled "Call up my choice for this process," checked by default. This fourth dimension clicking Cake actively blacklisted the process and offered a link to the Manage Processes page.

My contact at Acronis confirmed this is working every bit designed, and indeed it is effective. However, I think the messaging could be clearer.

Acronis in Action

The only way to really be sure a ransomware protection product works is to expose it to real-world ransomware. I have a one-half-dozen samples that I employ for this kind of testing. Acronis blocked all simply one of them, which is better than many. RansomFree besides missed one. CryptoPrevent Premium missed half the samples, and some of those that information technology caught managed to encrypt numerous files before detection.

Bitdefender Anti-Ransomware also missed half of the samples, but I should point out that Bitdefender doesn't try to detect ransomware beliefs. Rather, it vaccinates the system confronting known ransomware past planting flags that make the system look like it's already infected.

On the flip side, Malwarebytes and Cheque Signal ZoneAlarm Anti-Ransomware caught all my samples, though ane sample managed to encrypt a scattering of files before Malwarebytes zapped it. ZoneAlarm'south just error was reporting that it failed to restore all files in one instance, when in fact it succeeded.

Before I had bodily ransomware samples, I wrote a very simple ransomware simulator that I called FakeCryptor. It launches at startup, seeks text files in the Documents folder, and encrypts them using a simple, reversible algorithm. Behavior-based detection systems frequently don't detect this simple-minded tool, because it's non using the serious encryption algorithms found in real ransomware. Acronis didn't mark it as suspicious, though RansomStopper and Tendency Micro RansomBuster did. That'due south non a black marking for Acronis, equally this program is not actually ransomware.

In testing, I institute that CyberSight RansomStopper caught my FakeCryptor program when I launched information technology manually, but non when it ran at startup. That suggested a new test. I took a ransomware sample that Acronis definitely foiled, dropped it in the Startup folder, and rebooted the system. Like RansomFree, Acronis successfully blocked the ransomware attack at system startup.

I recently obtained a sample of the dreaded Petya ransomware. This one's different. Rather than encrypting specific files, it performs whole-disk encryption, significant that you lot can't use your computer at all. I've only tested a few products with Petya, and results are mixed. Like RansomStopper, Acronis caught the attack earlier it could do any harm. But Cybereason RansomFree and Malwarebytes focus strictly on file-encryption ransomware, then they missed it.

Simulated Ransomware

Security intelligence company KnowBe4 offers a free ransomware simulator called RanSim. This tool runs 10 helper programs that simulate 10 different types of ransomware behavior, likewise as ii processes that perform legitimate encryption tasks and thus shouldn't exist blocked. I gloat high scores in this examination, but don't penalize for depression scores. Later all, these are but simulations, not actual ransomware. RansomFree, for example, ignored them completely, as did RansomStopper.

Like RansomBuster, Acronis detected and blocked all 10 of the fake ransomware attacks and incorrectly blocked one of the innocent processes. ZoneAlarm eliminated all the helper processes before they could launch, leaving RanSim unable to offer a score.

Other Approaches

Like most ransomware protection tools, Acronis relies on beliefs-based detection. It also includes ii levels of file recovery, the local cache and the online backup. But these aren't the only approaches to foiling ransomware attacks.

As noted, Bitdefender'due south gratis anti-ransomware tool fools certain known ransomware types into thinking they've alrady infected the system. Bitdefender Antivirus Plus does quite a bit more. In add-on to beliefs-based detection of ransomware and other malware, it blocks unauthorized modification to any files in folders y'all designate for protection. If it pops up when you use a new epitome editor for the commencement time, just whitelist the program. If information technology pops upwardly when you haven't done anything, block the attacker.

Trend Micro Antivirus+ Security and RansomBuster also block unauthorized access to protected files. Panda Cyberspace Security and IObit Malware Fighter 5 Pro take things a step farther, preventing unauthorized programs from even reading protected files.

Webroot SecureAnywhere AntiVirus takes an unusual arroyo to malware detection in general. When information technology encounters an unknown procedure, it starts journaling all activity and sending behavioral information to its cloud-based analysis organization. It also prevents any non-reversible actions such as transmitting your individual information out of the reckoner. If the cloud arrangement decides the process is malicious, Webroot terminates it and reverses all of its action. This process can contrary a ransomware assail, though Webroot warns that at that place's a limit on how much action information it can cache.

A Fine Selection

Acronis Ransomware Protection is a fine addition to your security armory. It works alongside your antivirus every bit a second layer of defense confronting ransomware attack. For yet another layer of protection, information technology offers cloud backup for 5GB of your almost of import files. Given that they're both gratuitous, y'all may also want to try Cybereason RansomFree and Malwarebytes Anti-Ransomware earlier making a last decision.

Our Editors' Choice in the realm of ransomware protection isn't free, though it'due south not expensive. Check Point ZoneAlarm Anti-Ransomware costs $two.99 per calendar month for three licenses. It turned in first-class performance in our easily-on testing, detecting all the ransomware samples and correctly recovering all files. Its but fault was incorrectly reporting that it hadn't successfully recovered files.

Source: https://sea.pcmag.com/acronis-ransomware-protection/19313/acronis-ransomware-protection

Posted by: craftauneance.blogspot.com

Share this post