How we addressed ransomware so far
Ransomware malware is covered by ESET with a combination several technologies (Cloud Malware Protection System, Network Attack Protection and DNA Detections) since 2013.
Recently we improved the ransomware technology in the consumer segment and utilised its 100 million users as an agent network, where the products are submitting to Live Grid information about new ransomware attacks. Based on this information our automated systems and detection engineers adjust our detection and/or protective layers.
Introducing Ransomware Shield
The new Ransomware Shield is introducing another layer of anti-ransomware protection. While some ransomware variants are already detected by other ESET technologies (see above), Ransomware Shield is now being implemented in all consumer Windows products: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, and ESET Smart Security Premium.
When Ransomware Shield is active, all executed applications are monitored and evaluated using behavioural and reputation based heuristics. Whenever a behaviour that resembles ransomware is identified, it can be blocked, as well as when the potential malware tries to make modifications to existing files (i.e. to encrypt them).
Ransomware Shield will be active by default, but user interaction will be needed in case ransomware is found (notification of suspicious activity is displayed and user needs to decide whether or not to block the malware).