No antivirus is perfect. They all occasionally miss a brand-new attack. Sure, within a few days, most security companies will push out an update that eliminates the new threat, but once ransomware has wrecked your files, that’s no consolation. Bitdefender has long been on the cutting edge of ransomware protection, and the current edition includes several layers that aim to protect you even against brand-new ransomware strains.
The Advanced Threat Defense feature supplements regular antivirus scanning with behavior-based detection, including ransomware detection. Network Threat Prevention blocks the exploit avenues some ransomware attacks rely on. At the first hint of a ransomware attack, Ransomware Remediation backs up important files and restores them after Bitdefender neutralizes the attack.
Ransomware necessarily modifies your important files, replacing them with encrypted versions. One simple defense is to ban all changes to files in protected locations unless the program making the change is authorized. Avast Premium Security, Panda, and Trend Micro are among the suites that employ this type of ransomware protection. You’ll also find a similar technique in the Safe Files component of Bitdefender’s Mac antivirus.
There are a few problems with this technique. First, it adds a speed bump whenever you edit files with a new valid program. Second, and more importantly, it relies on the user to decide whether a file is trustworthy. Maybe you weren’t paying attention. Maybe your finger slipped, and you clicked Allow by accident. You could accidentally release an attack. That’s why Bitdefender retired Safe Files on the Windows platform, relying instead on its enhanced Ransomware Remediation and Advanced Threat Defense.
Testing this protection layer isn’t easy. The real-time protection components that make up Bitdefender Shield wiped out all my actual ransomware samples on sight. For testing purposes, I reverted the virtual machine to a snapshot before that initial cleanup and turned off Bitdefender Shield. I did make sure to leave Advanced Threat Defense and Ransomware Remediation active.
Nearly all my ransomware samples are the common file-encrypting type, though I have two that affect the whole disk: one encrypts the disk, and the other simply wipes its contents. In the past, Advanced Threat Defense hasn’t kicked in for those whole-disk attacks, which work by crashing the system and taking over upon reboot. This time around, it caught the disk-encrypting sample but not the disk wiper. Do remember, though, that Bitdefender’s normal defenses axed both on sight.
Even with Bitdefender’s free app, Advanced Threat Defense handled 11 of the 12 file-encrypting malware samples, totally preventing their activities. It caught the remaining sample, too, but the ransomware encrypted two files before succumbing. When I re-tested that sample using the commercial antivirus, Ransomware Remediation kicked in to restore those files; marvelous!
I’ve occasionally encountered ransomware protection systems that don’t start early enough at boot time and might miss ransomware loading at startup. To check Bitdefender’s boot-time protection, I copied several samples into the Startup folder and rebooted. Bitdefender apprehended them all.
Ransomware-specific protection components are appearing in more antivirus utilities, but most don’t go as far as Bitdefender. Trend Micro Antivirus+ Security is among the few others with a multilayer approach. It blocks unauthorized changes to protected files, detects ransomware behavior, and restores any files that were encrypted before behavior-based detection took effect. Webroot relies strongly on behavior-based detection, and its journal-and-rollback system for handling the behavior of unknown files can even reverse the effects of ransomware.
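
The journal-and-rollback idea described above, where files altered before behavior-based detection fires are restored afterward, as an added Python example. It is not Bitdefender's, Trend Micro's, or Webroot's code; the entropy threshold, the strike count, `RollbackGuard`, and the writer names are assumptions made for illustration.

```python
import math, shutil, tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.0  # assumed: bits/byte above which content looks encrypted
STRIKES = 2          # assumed: suspicious overwrites before the writer is stopped

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0 for empty input)."""
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

class RollbackGuard:
    """Hypothetical monitor: journal before first change, roll back a bulk encryptor."""
    def __init__(self, journal_dir):
        self.journal_dir = Path(journal_dir)
        self.journal = {}         # writer -> {path: backup path}
        self.strikes = Counter()  # writer -> suspicious overwrite count
        self.blocked = set()

    def write(self, writer, path, new_data):
        """Apply a write for `writer`; return False if it was refused or undone."""
        if writer in self.blocked:
            return False
        old = path.read_bytes()
        saved = self.journal.setdefault(writer, {})
        if path not in saved:  # keep only the oldest copy per file
            saved[path] = self.journal_dir / f"{writer}-{len(saved)}.bak"
            shutil.copy2(path, saved[path])
        path.write_bytes(new_data)
        # Strike only when readable content turns high-entropy (compressed files don't count).
        if entropy(old) < ENTROPY_LIMIT <= entropy(new_data):
            self.strikes[writer] += 1
        if self.strikes[writer] < STRIKES:
            return True
        self.blocked.add(writer)
        for target, backup in self.journal.pop(writer).items():  # restore originals
            shutil.copy2(backup, target)
        return False

def demo():
    """Constructed scenario: three text files, one editor, one bulk encryptor."""
    root, jdir = Path(tempfile.mkdtemp()), Path(tempfile.mkdtemp())
    docs = [root / f"doc{i}.txt" for i in range(3)]
    for d in docs:
        d.write_bytes(b"quarterly report draft\n" * 50)
    guard = RollbackGuard(jdir)
    fake_cipher = bytes(range(256)) * 16  # constructed stand-in for ciphertext, entropy 8.0
    results = [guard.write("editor", docs[0], b"edited report\n" * 50)]
    results += [guard.write("cryptor", d, fake_cipher) for d in docs]
    return results, [d.read_bytes() for d in docs]
```

In `demo()`, the second high-entropy overwrite trips the threshold: both files touched by that writer are restored from the journal, the third write is refused, and the legitimate edit to the first file survives.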
