As ransomware attacks become more frequent and target computer users at a global level, security companies strive to provide robust solutions to effectively fight against such malware. While one of the "weapons" could be informative campaigns to deliver guidance for Internet users, another is dedicated applications that can detect and block file encryption attempts.
ZoneAlarm Anti-Ransomware promises to provide ongoing protection against ransomware attacks by analyzing the entire activity on your computer and detecting suspicious components or actions. Its goal is to deliver a proactive blocking system against ransomware threats without interfering with the local antivirus system. In other words, it ensures compatibility with all major antivirus software.
Once installed on your PC, ZoneAlarm Anti-Ransomware enforces an additional security shield that keeps ransomware at bay. The application blocks any malicious attempt to encrypt files or even the PC itself, which turns it into a reliable weapon against this kind of threat.
Its main window is simple and only displays your computer's current security status. You will notice that it also runs in the system tray and, from the tray menu, you can turn anti-ransomware protection off, although that is not advisable.
Any file that gets encrypted during a potential ransomware attack is restored by ZoneAlarm Anti-Ransomware. As the behavior of a ransomware trojan is easily recognizable, the application promises to handle zero-day attacks with high efficiency as well. Nevertheless, it's always a good idea to create periodic data backups, use a permanent security solution and pay close attention to potentially dangerous websites and the packages you are downloading from the Internet.
ZoneAlarm Anti-Ransomware Review
Welcome, everyone, to another Malware Geek review. Today we're going to be taking a look at something one of my viewers sent me last night, and that is ZoneAlarm Anti-Ransomware. This particular product is geared specifically at preventing ransomware, hence the name, and it is fairly simplistic on the user interface. There is nothing really to it; it's just the UI. We really wish they had some eight options so that you could change some settings, but really there's not a whole lot to it. You have to turn off the anti-ransomware module by going down here to the taskbar and shutting it off. Other than that, there's nothing to it. This is geared towards protecting your files and restoring them in case of a ransomware attack.
If we take a look at their website here, basically, you know, they tell you, you know, every 10 seconds someone gets hit by ransomware, ransom proof your PC. Well, I'll be the judge of that. Gives you a little synopsis of what ransomware is, how they protect you. Supposedly it analyzes suspicious activities, detects ransomware attacks and blocks them or restores the files. Auto File Restoration, so supposedly it's able to restore your encrypted files, and it blocks ransomware attacks.
Now, a couple of complaints right off the bat related to this product. In order to get their 30-day trial you have to give them payment information, which I feel is a bit intrusive. I really don't feel that I should have to give you payment information just for a 30-day trial, but maybe that's because they haven't built in any kind of trial into the actual product, so they start charging you after 30 days if you don't cancel. Also, the installation product, the installation procedure of ZoneAlarm Anti-Ransomware is quite long and annoying for such a simple product.
So anyways, those notes aside, let's go ahead and start testing. The ransomware protection module is active. I have some selected ransomware here. I have a couple of new samples here: one of them is a JS downloader, one is in a zip file. I'm going to try different scenarios and see how ZoneAlarm Anti-Ransomware responds. I have Killswitch on the machine here so that we can see the ransomware action in memory. I also have some pictures and documents loaded on to the machine so that we can see if the ransomware starts encrypting things and if ZoneAlarm Anti-Ransomware is able to protect the files or restore them. Either way, you can see some of my lovely pictures here. Give me just a second here.
Okay, so I have some pictures here in my pictures folder. This is very interesting: these may have been added by ZoneAlarm Anti-Ransomware as what they call trap files. If the ransomware starts to encrypt these files, this may be a way for ZoneAlarm Anti-Ransomware to detect the actual ransomware activity. Not sure how well that's actually going to work, but we'll see. The rest of these are the pictures that I've loaded on the machine. I actually took the sample pictures out of their default directory and added them into the pictures library along with a couple of my own pictures. Here we have some documents, and again it looks like there are some trap files in here, because the only ones that I did have originally loaded were the totally important document and the other important document. So it appears that ZoneAlarm Anti-Ransomware added some trap files in here to see if the ransomware would actually attack these files, so we'll see how well that works.
So I have Killswitch up here. Like I said, we are going to attempt to try different scenarios to see how ZoneAlarm Anti-Ransomware functions and if any kind of ransomware activities such as a JS downloader or a zip file is able to trick the program. So give me just a second, let me make sure everything is good to go, and I will be right back.
Okay, everything is good to go, let's go ahead and start testing here. So the first ransomware sample that I'm going to execute is this JS downloader. I believe this one downloads the Globe ransomware or some kind of fairly new ransomware sample. I'm actually not sure exactly which ransomware payload this JS downloader does download, but we will find out. So let's go ahead and execute it.
Okay, it appears that the payload has made it into memory and it appears to have been detected by ZoneAlarm Anti-Ransomware. The anti-ransomware is analyzing and stopping the attack and says do not restart your PC. Let's see if our documents and pictures have been affected. Not right now. Let's look at our documents. Nope, nothing here. The two documents that I care about are the totally important document and the other important document. The ransomware is still in memory and ZoneAlarm has not terminated it yet, so I'm going to let this machine run for a minute and then I'll be back once ZoneAlarm either gets rid of the file or our files are encrypted. So I'll be back.
Okay, so after a few minutes of letting this machine run, it appears that the ransomware was successfully able to encrypt our files, and ZoneAlarm is still analyzing and stopping the attack. Well, the interesting thing is that the ransomware is no longer in memory, and it appears that ZoneAlarm is stuck. It still says it's analyzing and stopping the attack. Well, the ransomware attack is over, the file has terminated, and our files are encrypted. The only file that survived, actually this one didn't survive even, now that I look, the extension, it's a dot seven to six extension. I don't believe I'm able to open this one either. No, I can't. So it appears that ZoneAlarm Anti-Ransomware has failed the first sample, because it's still stuck and our files are encrypted and it hasn't restored them, didn't stop the attack, then block the ransomware. So not really impressed at the first, first sample there. So I'm going to go ahead and restore this machine back to a clean state and then we'll try the second sample. So anyways, I'll be back.
Okay, we are back to a clean state. I will show you my pictures: my picture on the desktop is back, as well as our documents are back to a restored state. Our pictures are also back in a restored state. So now we are going to try the second sample, which is in a zip file, so I have to extract it. Well, never mind, I guess that's empty, so we will just call that one gone. So in this other folder here we have some popular ransomware samples of the last year or so, including Satana, Petya, Mole ransomware, Jigsaw, Cerber and WannaCry. The first sample I'm going to try as normal is Jigsaw, which is a .NET Framework based ransomware. Hopefully ZoneAlarm Anti-Ransomware is able to do something about it. So we will bring Killswitch up once again and we will go ahead and execute Jigsaw.
There's the fake error message. It has dropped the payload. We will see if ZoneAlarm catches it. Well, there goes my first, my file on the desktop. It has detected it. Let's see if it can stop this one or if it hangs again. So I'm going to let this machine run for a minute and we will come back and see if it has done anything about it. So I'll be back.
Okay, so after letting the machine run for quite some time, ZoneAlarm Anti-Ransomware has finally responded and says that it's quarantined the ransomware. Well, the ransomware was no longer present in memory, so I don't know if it left over a file or what the deal was, but it says it quarantined the ransomware. It says it can repair our files which have been encrypted, so let's see if that's actually the case. As you can see, all the pictures have been encrypted, as well as our documents, so let's repair these files. Okay, so it says that all of these have been encrypted, so let's repair them. Okay, cool, it has actually restored our files and it appears to have deleted the actual ransomware files. Let's check to see if these are accessible. Wow, that's really cool, that is exciting. It was able to stop the ransomware Jigsaw, but it took quite a long time to do that. So, but in the end it did restore the files. Excellent. Now we will try Cerber and see how persistent it can be. So let's bring up ZoneAlarm Anti-Ransomware and execute Cerber.
All right, I'm going to let this machine run for a while as Cerber begins to do its thing in memory, and we're going to see if ZoneAlarm Anti-Ransomware can catch it. So I'll be back in just a few minutes.
Okay, so Cerber has done its thing. It's left its little ransom note here, it's taken over the desktop with its nice little Cerber ransomware desktop background here. Our file on the desktop is encrypted. Let's check our documents. Yep, our documents, nope, doesn't appear to have, well, it encrypted some of these, but it looks like my one document is untouched. Let's look at our pictures. Our pictures, appears to have encrypted a couple of them, but most of them are untouched. So this sample of Cerber is a little weird. So we will see if ZoneAlarm is able to restore these files, specifically the one on the desktop, which is encrypted and there is no other copy of it. So I'm gonna let this machine run for a while while ZoneAlarm is trying to remove the ransomware. So I'll be back.
Okay, so after letting the machine sit for, I don't know, 10 or 15 minutes here, the anti-ransomware module is still trying to reverse the changes that Cerber made. So instead of waiting for this to restore these files, I'm going to go ahead and try, I'm going to go ahead and try WannaCry. So I'm going to, I'm going to reverse this machine back to a clean state and I'm going to try WannaCry, and then we're going to try the Master Boot Record encrypting malware to see how ZoneAlarm responds to that. But this review is taking way too long, and it's taking way too long for ZoneAlarm Anti-Ransomware to really restore the files, so I'm going to go ahead and restore this machine to a clean state, because this has taken well over ten or fifteen minutes for this to actually function and it's just, it's taken way too long. So I'm going to go ahead and restore this machine to a clean state. So I'll be back.
Once again we have restored to a clean state. No more of that Cerber ransomware crap on the desktop. Our picture on the desktop is once again accessible, our documents are once again accessible, and our pictures are also once again accessible. So this time we are going to try WannaCry, which is the recent epidemic, and we are going to see if it can handle WannaCry. Then I'm going to try Petya, which is a Master Boot Record encrypting malware, because I don't think, I'm not convinced that this product can actually stop Petya from encrypting the Master Boot Record, but we will see. So anyways, let me start Killswitch up again. Oops, there we go. And let's, let's go ahead and execute WannaCry.
It has actually hidden the ransomware folder on the desktop and is starting to extract the stuff. It has encrypted my picture on the desktop. It has not deleted the actual original file yet. It has been detected by ZoneAlarm. Let's see what our documents look like now. It's encrypted them, but it has not deleted the original copies yet. So once again I'm going to let this machine run for a while and see if ZoneAlarm is able to get rid of the ransomware or reverse the attack. Still, the WannaCry executable is in, is in memory, so we'll see what happens here. So I'm gonna let this machine run for a while and I'll be back.
Okay, so once again it appears that ZoneAlarm is taking quite a while to reverse the changes made by WannaCry. Our documents have been encrypted and the actual original files have been deleted, and our pictures have been encrypted as well. Funny enough, it didn't touch this one, which is weird. The ransomware is also still running around in memory. It has not been terminated by the anti-ransomware module. It's still running around in memory and it is fairly active in memory; as you can see, it is pounding away at the CPU and still doing whatever it wants and has not been terminated. So once again it appears that the ransomware, anti-ransomware module has detected the attack, but it has not gotten rid of the actual ransomware executable, and it was able to delete the original copies of our pictures and documents even after ZoneAlarm Anti-Ransomware detected it. So I'm going to go ahead and restore this machine to a clean state, then I'm going to try the last sample, which is going to be Petya, because I feel like this kind of thing is going to keep happening if I try the other ransomware samples against ZoneAlarm, because it just seems like it's taking a very, very, very long time to analyze the attack and reverse the changes. So anyways, I'm going to restore the machine to a clean state once again and then we're going to try Petya. So I'll be back.
Once again we've restored this machine to a clean state, and now I'm going to try Petya. I'm not really convinced that this product is going to stop Petya, but we're going to try anyway. Let me get Killswitch up and running in just a second while it starts up here. Okay, so I've got Killswitch up here, so we are going to execute Petya and see if it can be stopped by ZoneAlarm Anti-Ransomware. Petya generally restarts the machine, and interestingly enough, Petya has crashed. Very interesting. It appears that ZoneAlarm detected it and Petya crashed, so that's interesting. Well, that's good to see. Let me, let me restore the machine back and we'll try Satana.
Once again we are back to a clean state. I'm going to try Satana to see what happens. Satana is in memory. We do have a payload here that was just dropped, some random executable, and it appears that we have some errors happening here, but we can't seem to get rid of the error messages here. So once again the payload is in memory, it has been detected by ZoneAlarm Anti-Ransomware, but it appears that the payload is still fairly active in memory. Well, it's not taking a lot of CPU, which is what happened with the previous samples. So I'm going to go ahead and restore this machine back to a clean state. I'm not going to wait for this to actually quarantine and reverse any kind of changes or anything like that, and I kind of want to talk about it. So I'm going to restore this machine back and then we'll talk about the results and finish up this review.
Okay, so now that we are back to a clean state, I want to go ahead and finish up this review and give you guys my overall opinion on ZoneAlarm Anti-Ransomware. Now, it is a good thing that the anti-ransomware module is detecting ransomware attacks; it is not oblivious to what is going on. However, I see a few problems with this product. First of all, it does allow the ransomware to run around in memory even after the, after the attack has been detected, and that is a tad bit concerning. If you detect a ransomware attack, find the file and terminate the file that's causing the problem. Don't let it run around in memory. Because I feel like this product is actually letting the ransomware run around in memory and then it's trying to reverse the changes. What I would like to see is terminating the file so that the ransomware attack stops, and then try to reverse any files that the ransomware was able to encrypt, instead of the other way around, where you let the attack happen and then reverse the changes. It is an interesting concept. I do like the fact that it does reverse the files that were encrypted, as we saw in the Jigsaw attack, but it seems like if it is a very sophisticated ransomware sample such as WannaCry or the first sample I executed, it just seems like ZoneAlarm Anti-Ransomware takes quite a long time to reverse the changes, and it seems kind of unpolished in the back end. So I would like to see them maybe, you know, change the way that they handle the ransomware in terms of terminating the actual malware file and then try to reverse the changes, because it just seems like it's letting the ransomware do whatever it wants and then is trying to quarantine it and reverse the changes, which just seems a little silly, seems a little backwards.
So anyways, I hope you guys enjoyed this review. If you did, please like and subscribe, share this with your family and friends. Right now I'm going to say it's a no-go on this particular product, but it is an interesting concept and it's not a total fail, because it does actually work, but it just seems like it's a little unpolished on the back end, and right now I just don't feel like this product is worth the money they're asking for. I feel you can get better performance out of a good behavior blocker or HIPS engine. But again, it is an interesting concept and I do think that they do have a bright future with this product. So I hope you guys enjoyed this review and I will talk to you later.
File Size: 89.4 MB
Downloads: 2321
Added: Mar 12th 2018
User rating: 3.4
Company: Check Point Software Technologies Ltd
Supported Operating System: Win 7, Win 7 64 bit, Win 8, Win 8 64 bit, Win 10, Win 10 64 bit