2015 was probably the year of ransomware, and 2016, which is just beginning, looks set to follow the same path, especially since versions of this ransomware targeting Linux systems, as well as mobile platforms, are starting to appear.
In France, more than half of all malicious files disseminated by email in 2015 contained some form of ransomware, according to Bitdefender. The most talked-about threats are CryptoLocker and CryptoWall.
Last summer, the FBI issued an alert concerning a version of CryptoWall whose authors allegedly extorted colossal sums. Curiously, an FBI agent acknowledged that in some cases victims of ransomware are advised to pay the ransom demanded (usually in bitcoins) in order to obtain the keys to decrypt the files taken hostage by the malware.
That advice will make ANSSI jump. The National Agency for the Security of Information Systems is not at all on the same wavelength and believes that paying cybercriminals is not an option (and that decryption will not necessarily be obtained). That leaves the preventive measure of putting regular data backups in place.
For Windows, from Windows XP through later versions, Malwarebytes is also introducing an anti-ransomware tool, a first public beta version of which is now available. It can work alongside other security solutions.
This anti-ransomware tool does not rely on signatures or heuristic analysis. It monitors activity on a computer and identifies actions specific to ransomware, which is not a simple task since some of these threats are frequently updated. Its proactive technology is supposed to act before the ransomware affects files.
We will be following this solution to find out whether it offers truly effective protection. The first signs seem positive in any case. During its development phase and in beta, Malwarebytes Anti-Ransomware reportedly detected all the latest variants of the most dangerous ransomware (CryptoLocker, CryptoWall, CTBLocker, TeslaCrypt).
Be careful, however. For the moment it is a beta version, with the risk of bugs that this implies. Use in a production environment is not yet recommended at this stage. Remember also that Bitdefender, for example, offers a free vaccine against CryptoWall 4.0.