The Data Hijacking Protection function in Qihoo 360 Total Security watches for the behavior of ransomware.
However, instead of terminating suspicious processes, it simply prevents them from accessing files in specific protected locations such as the My Documents folder.
In testing, I couldn't push it into action.
The ransomware-specific detection in G Data Antivirus, on the other hand, visibly did its job.
When I turned off the normal real-time antivirus and released some ransomware samples, I caught them red-handed.
Quick Heal Internet Security also claims to detect ransomware from its behavior, but since it offers no way to disable antivirus protection without also disabling ransomware protection, I have not been able to test it.
Prevent unauthorized access
If a brand-new ransomware program gets past Bitdefender Antivirus Plus, it won't be able to do much harm.
Bitdefender blocks attempts by any unauthorized program to modify, delete or create files in a protected folder.
The list of protected folders includes documents, desktop, images, music and videos, as well as folders for file synchronization services like OneDrive, Dropbox, Box and Google Drive. Avast recently added very similar functionality to Avast Internet Security and Avast Premier.
In Trend Micro's antivirus, the Folder Protection feature protects the files in My Documents and Pictures, in the local folders that represent online storage and on USB drives.
The free, standalone RansomBuster protects only two selected folders and their subfolders.
No unauthorized program can delete or modify files in the protected area, although the creation of files is allowed. In addition, the company offers a ransomware hotline available to everyone, including non-customers.
On the hotline page, you can find tools to defeat some ransomware screen lockers and decrypt some files encrypted by ransomware.
Panda Internet Security, together with all the other products of the Panda suite, offers a feature called Data Shield.
By default, Data Shield protects the Documents folder (and its subfolders) for each Windows user account.
It protects specific file types including Microsoft Office documents, images, audio and video files.
If necessary, you can add multiple folders and file types. Panda protects against all unauthorized access, even reading data from a protected file, so it also foils data-stealing Trojans.
Testing this type of defense is easy enough.
I wrote a very simple text editor, guaranteed not to be whitelisted by ransomware protection.
I have attempted to access and edit protected files.
And in almost all cases I have verified that the defense has worked.
The exception was Qihoo 360, which only blocks access by programs it suspects.
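A probe in the same spirit as the test described above, as an added example that is not the reviewer's own program: it attempts create, read, modify and delete on disposable canary files in a folder you pass in and reports which operations the protection refused. The function names and the optional pre-placed `canary` file are assumptions of this example.

```python
# Probe what a non-allowlisted process may do in a protected folder.
# Touches only disposable canary files, never real documents.
import os
import sys
import uuid


def _attempt(action):
    """Run one file operation; True if it worked, False if the OS refused."""
    try:
        action()
        return True
    except OSError:  # access denied, missing path, etc.
        return False


def probe_folder(folder, canary=None):
    """Map each operation to True (allowed), False (blocked) or None (untested).
    canary (assumption of this example): a throwaway file placed in `folder`
    beforehand with a trusted program, used when creation itself is blocked."""
    results = {"create": None, "read": None, "modify": None, "delete": None}
    new_file = os.path.join(folder, f"probe-{uuid.uuid4().hex}.txt")

    def create():
        with open(new_file, "x") as fh:
            fh.write("probe\n")
    def read():
        with open(target, "rb") as fh:
            fh.read()
    def modify():
        with open(target, "a") as fh:
            fh.write("modified\n")
    results["create"] = _attempt(create)
    target = new_file if results["create"] else canary
    if target is None or not os.path.isfile(target):
        return results  # nothing disposable left to test against
    results["read"] = _attempt(read)
    results["modify"] = _attempt(modify)
    results["delete"] = _attempt(lambda: os.remove(target))
    return results


def blocked(results):
    """Operations the protection refused, e.g. ['delete', 'modify']."""
    return sorted(op for op, ok in results.items() if ok is False)


if __name__ == "__main__":  # usage: probe.py FOLDER [CANARY]
    print(probe_folder(sys.argv[1], *sys.argv[2:3]))
```

A result where only modify and delete are blocked matches the Trend Micro behavior described above, while a blocked read corresponds to Panda's Data Shield.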
The safest way to survive a ransomware attack is to keep a safe and updated backup of all your essential files.
In addition to backing up files, Acronis True Image actively works to detect and prevent ransomware attacks.
I predict that we will see similar functionality in other backup tools.
[Screenshot: Acronis Ransomware Protection main window]
Acronis Ransomware Protection can restore files damaged by ransomware from a local cache.
Like its big brother True Image, it offers online backup as another recovery option, but with only 5 GB of storage space.
CryptoDrop Anti-Ransomware keeps copies of your sensitive files in a safe folder that is not visible to any other process.
As noted, when Trend Micro detects a suspicious process that encrypts a file, it backs up the file.
If it sees a barrage of suspicious encryption activity, it quarantines the process and restores the backup files. ZoneAlarm also tracks suspicious activity and repairs any damage caused by processes that turn out to be ransomware.
In addition to detecting behavior-based malware, Quick Heal also maintains a silent and encrypted backup of document files.
However, restoring these files is not automatic. Once you have gotten rid of the ransomware, you need to contact technical support for help with data recovery.