Acronis: Ransomware protection! Get yer free ransomware protection!

Acronis has released a free, standalone version of its Acronis Ransomware Protection with AI-based Active Protection tech. It can be used alongside existing backup and antivirus products on Windows systems. The lightweight (20MB) software runs in the background and is said to monitor system processes in real-time to …

  1. Halfmad
    Windows

    Link for download may have changed since publication, it's now: https://www.acronis.com/en-gb/personal/free-data-protection/

    I'd be interested to see if anyone fancies deploying this to their estate.. so I don't have to be the guinea pig obviously

    My only concern is that free tools, well they are usually not that brilliant especially when they are part of a promotion for cloud storage. I hope this is one of the few exceptions.

    1. DocD

      Do the licence terms allow commercial use? The links suggest this is a personal solution and there's no EULA shown before the Install button is displayed.

      1. skizzerz

        Based on the very bottom of https://www.acronis.com/en-us/ransomware-protection/ it says "FREE for everyone" for this product, next to saying "Personal" and "Business" for two of their other products. As such, I believe it is indeed allowed for commercial use.

        I use Acronis True Image for my backup solution at home, which comes bundled with this ransomware protection. I have no idea how well it actually works against actual ransomware, since I've never actually had ransomware on my home network yet. I can say that it has annoying false positives with respect to Visual Studio 2017's installer for their Python stuff, where it constantly puts up prompts asking you if it's ok that some bad process named "pip" is trying to modify 2,341 files or whatever because you're doing an upgrade. I'd imagine it'd be the same if you ran pip via the command line but I've never actually tried that. I imagine that other package manager exes will cause similar false positives whenever doing upgrades.

        1. Danny 14

          if data is sent to acronis then good luck being GDPR compliant.

    2. ByTheSea

      "Link for download may have changed since publication, it's now: https://www.acronis.com/en-gb/personal/free-data-protection/"

      Installed it from the above link (the one in the article gave me a page not found). Looks OK and it's free. Early days.

    3. Excellentsword (Written by Reg staff)

      Wayward 'e' at the end of link, since been fixed. Cheers.

    4. BillG
      WTF?

      Privacy?

      Privacy Skeptic Alert: If I read this right, all my data is sent to Acronis's Cloud AI for analysis? And I need to trust Acronis to analyze my data, but not read it?

  2. This post has been deleted by its author

  3. jake Silver badge

    Snake oil.

    The only malware protection that actually works is wetware.

  4. Dave 126 Silver badge

    I've asked before, but:

    How resistant are NAS boxes to Ransomware attacks? Do they blindly write over known good backups with corrupted files at the behest of the infected PC? Can they be configured to create a few backups on an A, B, C basis, and only allow changes to any one in a 24 hour period?

    Can a NAS box be configured to only turn itself on for an hour every two days?

    1. This post has been deleted by its author

    2. Anonymous Coward

      Re: I've asked before, but:

      @Dave This may or may not help:

      Configure a share on your NAS for backups with a new account that only has access to that share. Remove all access to that share from all other accounts. Use a backup program that allows you to use separate credentials. The purpose of this is to avoid a ransomware nasty deleting your backups.

      Yes, your backup program will back up whatever you tell it to, so you need to monitor your filesystems. To mitigate this I use several approaches. A script goes off daily that looks for file changes, counts them and emails me the result - I look out for a large number of changes and odd file extensions appearing. The second mitigation is to use a grandfather/father/son backup regime - so 4 quarterly, 12 monthly, 4 weekly and then the dailies or whatever you have space for on your NAS. Really important files get a one way mirror to a remote location (NextCloud, which is also backed up). By one way mirror I mean that deletions are not sync'd. If a ransomware thing goes off, then the original un-encrypted files are still there but one day they may leave the filename intact, so that may not work. However, NextCloud does versioning so an overwrite, even with the same name, will leave the previous version available.

      1. Julian 8 Silver badge

        Re: I've asked before, but:

        My understanding is that some of these ransomware do not change date / time stamps so be interested to see what method you approach to detect changes

        One way mirror can be good, but depends on how it detects changes. It may also copy over the encrypted files

        Also most of the ransomware so far only works on mounted drives / volumes

        I have 2 drives that are on my server. I have a routine that mounts them, unlocks, copies, locks and dismounts. One is weekly, the other monthly and for my data, they have numerous versions

        I have a manual copy stored at a remote location

        I have my own remote NAS running at a family friend that is constantly updated

        I have a couple of online cloud providers that are backing up my key data with various version controls.

        I can guarantee that someone will find holes in that too, or I may find I have been hit at some point and not been aware no matter how careful I am, or the creators of this crap get more inventive themselves

        The GFS backup is good, but when I used to deal with backups, I'd prefer the Tower Of Hanoi approach, often supplemented with additional daily and non-overwritten monthlies
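An added example, not part of either post above: one way to build the daily change-counting check so that it does not depend on timestamps, by comparing SHA-256 digests between runs and flagging files whose content turns high-entropy. The thresholds, the function names and the sample files are assumptions made for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def manifest(root):
    """Map relative path -> (SHA-256 of content, entropy of the first 64 KiB)."""
    out = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                head = chunk = fh.read(65536)
                while chunk:
                    digest.update(chunk)
                    chunk = fh.read(65536)
            out[os.path.relpath(full, root)] = (digest.hexdigest(), entropy(head))
    return out

def compare(old, new, known_exts, max_ratio=0.2, high_entropy=7.5):
    """Count content changes between two runs and decide whether to alert."""
    changed = sorted(p for p in new if p in old and new[p][0] != old[p][0])
    added = sorted(p for p in new if p not in old)
    removed = sorted(p for p in old if p not in new)
    odd_ext = [p for p in added if os.path.splitext(p)[1].lower() not in known_exts]
    # Previously low-entropy files that now look random (assumed threshold).
    scrambled = [p for p in changed if old[p][1] < high_entropy <= new[p][1]]
    ratio = (len(changed) + len(removed)) / max(len(old), 1)
    return {"changed": changed, "added": added, "removed": removed,
            "odd_ext": odd_ext, "scrambled": scrambled,
            "alert": ratio > max_ratio or bool(odd_ext) or bool(scrambled)}

def demo():
    """Constructed sample: two of three files overwritten, names and mtimes kept."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("a.txt", "b.txt", "c.txt"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("quarterly report\n" * 200)
        before = manifest(root)
        for name in ("a.txt", "b.txt"):
            path = os.path.join(root, name)
            st = os.stat(path)
            with open(path, "wb") as fh:
                fh.write(os.urandom(4096))  # stand-in for encrypted content
            os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))  # timestamps restored
        return compare(before, manifest(root), {".txt"})
```

The previous run's manifest needs to be stored somewhere the monitored machines cannot write to, otherwise the baseline can be altered along with the files.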

    3. Doctor Syntax Silver badge

      Re: I've asked before, but:

      "How resistant are NAS boxes to Ransomware attacks?"

      What's an NAS box? Serious question.

      If your idea of an NAS box is just something that serves up a directory exposed in your file system with all the semantics of a normal disk then it's not going to be resistant at all. Ransomware sees files on a drive, ransomware encrypts them.

      OTOH if it's something like Nextcloud which operates by WebDAV then ransomware sees files, encrypts them and writes them back alongside the originals. The V in WebDAV stands for versioning. Ditto if, as someone else points out, the box uses ZFS and takes advantage of snapshotting.

    4. Alan Sharkey

      Re: I've asked before, but:

      My Synology NAS box can create multiple backups - I do one a week and keep a 3 backup rotation. So, I have 3 weeks to fix things if I get struck by malware.

      Alan

      1. Danny 14

        Re: I've asked before, but:

        how does your backup work? VM from a host? if the synology can be seen from an infected machine what is stopping your backups being encrypted?

        1. This post has been deleted by its author

  5. Tigra 07
    IT Angle

    Nice review, but no testing? And it fails to mention if this product is reliable at all.

  6. rmason

    We are giving it a go

    We are going to throw it on a playground OU and see what happens.

  7. Anonymous Coward

    NAS

    Best solution is to use something like ZFS (FreeNAS etc) which has copy-on-write snapshots. You can tell it to make snapshots every 5 minutes if you want and they won't take any extra space. Then you can roll back after a ransomware attack to a time when your files were good. You could even detect a ransomware attack by checking the size of a snapshot (large=many files changed=possibly all encrypted).
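An added example, not part of the post above: the snapshot-size check it suggests, run over the tab-separated output of `zfs list -H -p -t snapshot -o name,written`. The dataset name, the sample figures and the thresholds are constructed for illustration.

```python
import statistics

# Constructed sample of `zfs list -H -p -t snapshot -o name,written` output:
# snapshot name, then bytes written since the previous snapshot.
SAMPLE = "\n".join([
    "tank/share@auto-0900\t4194304",
    "tank/share@auto-0905\t6291456",
    "tank/share@auto-0910\t3145728",
    "tank/share@auto-0915\t5242880",
    "tank/share@auto-0920\t2147483648",
    "tank/share@auto-0925\t8388608",
])

def parse(text):
    """Return [(snapshot_name, written_bytes)] in the order listed."""
    rows = []
    for line in text.splitlines():
        if line.strip():
            name, written = line.split("\t")
            rows.append((name, int(written)))
    return rows

def suspicious(rows, window=5, factor=10, floor=64 * 2**20):
    """Flag snapshots that wrote far more than the recent median.

    window, factor and floor are assumed tuning values: a snapshot is
    flagged when it wrote at least `floor` bytes and more than `factor`
    times the median of the previous `window` snapshots.
    """
    flagged = []
    for i, (name, written) in enumerate(rows):
        previous = [w for _, w in rows[max(0, i - window):i]]
        if len(previous) < 3:
            continue  # not enough history for a baseline
        baseline = max(statistics.median(previous), 1)
        if written >= floor and written > factor * baseline:
            flagged.append(name)
    return flagged
```

A flagged snapshot marks the interval in which the mass rewrite happened, so the snapshot taken just before it is the rollback candidate.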

  8. Anonymous South African Coward Bronze badge

    Ne'er-do-wells and their blasted ransomware... what will they think of next?

    1. Mark 85

      To quote an old saying: "Don't ask. You really don't want to know.". I shudder at what might be under development by the blackhats.

  9. Anonymous Coward

    Sounds

    more like we are being used as beta testers for their "AI"...

  10. Anonymous South African Coward Bronze badge
    Trollface

    Easy way to foil ransomware is to rename all your .TXT and .DOC and so on to .EXE and .COM

  11. RobinCM

    Veeam support head Gostev posted a month ago about a company that was hit with Cryptomix Arena, which encrypted all their file servers and VMs, called home, and then human beings manually deleted all their Veeam backups via Veeam itself including both local NAS copies and those in the cloud, then deleted the Veeam VM. The customer managed to recover some data thanks to storage snapshots, but I think I'd prefer some offline backups for peace of mind!

  12. EJ

    "If it's free, you are the product."

    1. Danny 14

      not always. they want to upsell. take veeam backup, the standalone backup is very very good. of course veeam want you to notice how good and then sell you the full suite.

      same here, acronis want you to buy their other stuff.

  13. Anonymous Coward

    When in doubt...

    dd if=/dev/sda of=****

    Seems to make a pretty decent backup as well sans "cloud".

    I tested an Android backup program sold to the public that uses busybox/dd/netcat to create backups and out of curiosity I created another netcat instance on the same target/port.

    I saw some very interesting things over my second netcat instance such as several odd URLs.

    (I don't think I was the only one getting an image of my testing device.)

  14. registered-on-register

    For NAS-Boxes, Qnap for example has a block-level-LVM-snapshot and that is reserved so even if the ransomware writes your share to the limit, the snapshots are safe (this is where Windows VSS will fall on its face).

  15. Anonymous Coward
    Linux

    Acronis is Windows only :(

    Why is Acronis discriminating against Linux users?

    1. Donn Bly

      Re: Acronis is Windows only :(

      Perhaps because Linux desktop users don't generally have to worry about ransomware?

  16. Jon Smit

    Epic fail

    Installed on Win 8.1. Backup failed, followed by a series of interweb lockups. Told me there were 5 iffy programs installed, but only showed 3 to check.

    Lasted 2 hours before meeting the bit bucket.

    1. aqk
      Windows

      Re: Epic fail? on Win 8.1?

      You still use old Windows 8.1??

      How long have you been bitten by the hand that feeds IT?

      Time to upgrade, young man!

      You should (re-)install Win-XP - TheRegister's users' OS of choice! (after Linux and MacWidcat, of course!)

  17. aqk
    Happy

    But, but.. What about us poor Win-XP users?

    As registered reggie users, we SWORE that M$ would only pry XP from our cold dead hard disk!

    Now- must we downgrade to that disgusting Windows-10 and its Lucky Charms?

    BAH! I for one will Nevah surrendah!

  18. thomas k

    While the software is free ...

    You have to create an Acronis account to use it - to receive updates and such, you know.

    Still, decided to try it out and it warned me of 3 suspicious processes right off the bat - Intel Security Assistant, some Samsung printer thingie and cmd.exe.

  19. ThatOne Silver badge
    Windows

    Needs teaching I guess

    I'm on Linux so can't use it unfortunately, but I like the idea.

    The problem with whitelisting stuff is that you need to train it, which takes time and some knowledge of what's what on your computer. IMHO that's certainly one of the reasons they don't charge for it, because if they did, they would have to put up a help desk answering a constant flood of questions about some rare shareware or corporate app nobody has ever heard about.

    But (usually) when you take the time to train them well, such apps can be very efficient. I remember one such a program having saved my bacon a long time ago while installing a brand new WinXP computer for a friend: After installing and configuring the OS, I had to connect it to the Internet to run Windows Update. I had installed a little firewall/whitelisting program on it beforehand, and that proved to have been an excellent idea because less than a minute online it suddenly asked if it should allow "wxrzs.com" (or some such) to run: Just 30 seconds online, some virus had already infected the computer! Thanks to that whitelisting program that virus never got to launch, I just forbid execution until I finally installed an antivirus which cleaned it.

    Unfortunately that firewall/whitelisting program doesn't exist anymore (AFAIK), for if you had a minimum of clue it offered some really good protection... I really miss it. :-(

    But in the hands of a clueless person it was deadly ("that 'win.com' program looks suspicious!"), which is probably the reason you don't see more of those. They'd be a nightmare to support.

  20. Prst. V.Jeltz Silver badge

    people are still using win 8.0?

  21. annodomini2
    Devil

    Translation

    "Acronis says the software uses behavioural heuristics enhanced by machine-learning models, which are generated by analysing hundreds of thousands of malicious and legitimate processes in Acronis's Cloud AI infrastructure."

    We don't know if or how it works, but thanks for all the data.
