bunchuu

Level 7
Verified
Recently, I stumbled on article from Bitdefender blog that claim they have released "a new vaccine tool which can protect against known and possible future versions of the CTB-Locker, Locky and TeslaCrypt crypto ransomware families"

Their previous vaccine/version seem to protected /appdata and several folder that have higher possibility infected by ransomware.

Has anyone tried this latest version of BD anti ransomware?

here is the link

It is also covered in softpedia news:
Vaccine for CTB-Locker, Locky and TeslaCrypt Ransomware Released
It's better to prevent than to pay the ransom
Mar 28, 2016 17:35 GMT · By Catalin Cimpanu
Romanian security vendor Bitdefender has updated its vaunted anti-ransomware vaccine to add support for the latest versions of the CTB-Locker, Locky and TeslaCrypt ransomware families currently ravaging users all over the globe.

The Bitdefender Anti-Ransomware toolkit has been around for some years now, ever since crypto-ransomware started to become popular and users understood that once locked, recovering the files was almost impossible without paying the crook's ransom fee.

Luck also plays a role if the ransomware contains encryption flaws that allow security researchers such as Fabian Wosar to create decryptors for various variants. But these situations are very rare, and often found in smaller, newly appeared ransomware families, not older trialed and tested variants.

An anti-Locky vaccine is needed these days
As your doctor always tells you, it's better to prevent than to cure. So, to help users in staying safe against ransomware threats, Bitdefender has now added a much-needed update to its anti-ransomware toolkit, which until now included support only for the CryptoWall and CryptoLocker families.

The most recent version, 1.0.11.26, includes additional support for CTB-Locker, Locky and TeslaCrypt.

While CTB-Locker seems to be dormant these days, Locky has just appeared on the ransomware scene. On the other hand, TeslaCrypt has seen a resurgence these past weeks. In fact, CryptoWall, Locky, and TeslaCrypt, in this order, are considered today's top 3 most popular ransomware families.

Research in cracking crypto-ransomware needs to continue
"The new tool is an outgrowth of the Cryptowall vaccine program, in a way," Chief Security Strategist Catalin Cosoi explained. "We had been looking at ways to prevent this ransomware from encrypting files even on computers that were not protected by [the] Bitdefender antivirus and we realized we could extend the idea."

Last week, security researcher Sylvain Sarméjeanne was exploring scenarios in which he could abuse bugs in the Locky ransomware to create a vaccine against the threat.

His work never materialized into a concrete vaccine, but let's face it, he doesn't have the resources Bitdefender does, a company which alongside Kaspersky is widely considered the best antivirus solution around.

Also last week, we had a small interview with Sean Williams, the creator of Cryptostalker, a tool to detect crypto-ransomware on Linux systems. The tool is still in its early stages of development, and Mr. Williams also wants to port it to Windows and Mac.
here is original link
 
Last edited:

shmu26

Level 82
Verified
Trusted
Content Creator
it lists the ransomware families it protects against, and petya is not one of them.
 
H

hjlbx

it lists the ransomware families it protects against, and petya is not one of them.
PETYA is too new; Bitdefender hasn't added protections against it yet. Such things take time. That is why it is better to configure your security system to block anything newly introduced to the system from executing. You can accomplish this with AppGuard (paid), NVT ERP (free), COMODO - by setting the auto-sandbox rule for Unrecognized files to Block, VooDooShield (paid), etc.

Better yet - just don't download and try to execute any unknown files. It's that simple to protect your system from most infections.
 

bunchuu

Level 7
Verified
PETYA is too new; Bitdefender hasn't added protections against it yet. Such things take time. That is why it is better to configure your security system to block anything newly introduced to the system from executing. You can accomplish this with AppGuard (paid), NVT ERP (free), COMODO - by setting the auto-sandbox rule for Unrecognized files to Block, VooDooShield (paid), etc.

Better yet - just don't download and try to execute any unknown files. It's that simple to protect your system from most infections.
Let's hope they will find something to deal with petya, meanwhile I'm curious with the prospect of this tool since they said "protect against known and possible future" of well known ransomware families.
 
  • Like
Reactions: upnorth

shmu26

Level 82
Verified
Trusted
Content Creator
The support from HitmanPro.Alert reports that this bitdefender freebie was tested and found to be compatible with HMP.A -- but won't add any additional protection, in their opinion.