Bitdefender recently offered ‘a new vaccine tool which can protect against known and possible future versions of the CTB-Locker, Locky and TeslaCrypt crypto ransomware families by exploiting flaws in their spreading methods.’ Combination Crypto-Ransomware Vaccine Released. Bitdefender also offers a Cryptowall vaccine.
Graham Cluley discusses the new vaccine as well as the generic Cryptostalker tool. He rightly points out in his article Vaccine for future versions of Locky, Teslacrypt, and CTB-Locker ransomware released that:
‘Prevention is better than cure… especially when cures may be impossible’
Bitdefender’s Bogdan Botezatu makes it clear in an article by Lucian Constantin that the vaccine is meant to complement other security measures, not replace them.
‘Vaccine’ programs have been around pretty much as long as malware, though the type of program to which the label is attached may vary widely. However, the term is often applied to programs that take advantage of malware that inserts a recognition marker into a compromised program or system, for example as a registry entry, so that it knows that the system has been compromised. Vaccination inserts the same marker to fool the malware into thinking that compromise has taken place.
Such techniques have their place, but their useful lifespan is likely to be limited as malware authors realize that they are being used, and change their markers or their approach to recognition marking accordingly.
The problem for the end user is that that their system may be threatened after the recognition marker has been changed and before the vaccination tool has been updated. If, indeed, it is updated. Mainstream security companies do try to maintain such free tools consistently (but not necessarily promptly enough to avoid the problem). However, there have been instances of freeware from other sources that may have been effective initially, but when support and maintenance ceased, they became a danger to their users simply because those users were made vulnerable by a false sense of security.
All credit to Bitdefender for adding to the protective options available for end users. I’m just worried that some users of similar tools will place all their faith in them without taking all the other precautions that can help to keep them safe (or at least safer) from ransomware.