RansomWhere is a new (free) product of theirs and aims to protect against malware that encrypts your files and then attempts to extort a fee in return for the unlock passcode. The Mac world was shocked earlier this year when the KeRanger ransomware very nearly became a major security incident, and experts have suggested that Apple products will be an increasingly popular target in the coming years.
Perhaps surprisingly, RansomWhere doesn’t rely on malware definitions the way traditional anti-malware apps do. Instead, it detects when files suddenly start being encrypted in an unauthorized fashion.
Say the developers:
RansomWhere? is a utility with a simple goal; generically thwart OS X ransomware. It does so by identifying a commonality of essentially all ransomware; the creation of encrypted files. …
This tool attempts to generically prevent this, by detecting untrusted processes that are encrypting your personal files. Once such a process is detected, RansomWhere? will stop the process in its tracks and present an alert to the user. If this suspected ransomware is indeed malicious, the user can terminate the process. On the other hand, if it's simply a false positive, the user can allow the process to continue executing.
A side effect of RansomWhere’s approach is that a handful of files might get encrypted before detection takes place, but once that happens you can kill the malware straight away. Of course, at that point it’s down to you to subsequently remove the ransomware. When the recent KeRanger malware hit we provided a few tips with regard to this – (1) and (2).
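The behaviour-based approach described above, sketched as an added example (this is not RansomWhere's code and does not come from its developers). It assumes that "encrypted" can be approximated by high Shannon entropy in the bytes a process writes, which the page does not state; the threshold, process names and allow-list are hypothetical. It also shows why a few files are lost before the alert fires.

```python
import math
import os
from collections import Counter, defaultdict

ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off for "looks encrypted"
FILES_BEFORE_ALERT = 3    # assumed number of suspicious writes that triggers the alert
TRUSTED = {"backupd"}     # hypothetical allow-list of trusted process names


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for ciphertext, far lower for text."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


class Monitor:
    """Counts high-entropy file writes per process and stops untrusted ones."""

    def __init__(self):
        self.suspicious_writes = defaultdict(int)
        self.suspended = set()

    def on_file_written(self, process: str, data: bytes) -> str:
        if process in self.suspended:
            return "blocked"          # process is already stopped, nothing more is written
        if process in TRUSTED or shannon_entropy(data) < ENTROPY_THRESHOLD:
            return "allowed"
        self.suspicious_writes[process] += 1
        if self.suspicious_writes[process] >= FILES_BEFORE_ALERT:
            self.suspended.add(process)   # a real tool would pause it and ask the user
            return "alert"
        return "allowed"              # below the limit: this file is already lost


def simulate():
    # Constructed events: (process name, bytes written to a user file).
    text = b"Quarterly report: revenue was flat.\n" * 200
    events = [("TextEdit", text)]
    events += [("unknown_app", os.urandom(8192)) for _ in range(5)]  # stand-in for ciphertext
    events += [("backupd", os.urandom(8192))]
    monitor = Monitor()
    return [(proc, monitor.on_file_written(proc, data)) for proc, data in events]


if __name__ == "__main__":
    for proc, verdict in simulate():
        print(f"{proc:12} {verdict}")
```

Compressed formats such as ZIP archives or JPEG images also score close to 8 bits per byte, so an entropy-only check produces false positives of the kind the developers mention, which is why the decision is handed to the user.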
RansomWhere has a handful of other limitations, listed on its website, that you’ll want to take a look at. On the whole, though, the app is certainly a step in the right direction, and can only get better as time goes on. We recommend it as one of the first things you install on a new Mac.