For the last four years, ransomware has evolved into one of the biggest threats to cyber security that I’ve seen in a long time. Names like CryptoLocker, CryptoWall, and CTBLocker keep average computer users and IT security Jedis alike up at night. For good reason: Ransomware is cunning, effective, and proliferating, and the cyber security industry hasn’t really had an answer for it.

But we’ve got one now.

Ransomware is easy to understand but hard to beat. It infects the machine, encrypts all files and then demands payment to get the files back. Ransomware works so well that most variants will even remove themselves when the damage is done, knowing you have the choice of either paying the ransomware author to get your files back, or risk losing them forever.

The ransomware we see today is so sophisticated that the advanced encryption it uses makes it impossible to get your files back without paying the ransom. Unfortunately, online and locally connected backup systems fail as an effective countermeasure. This is because ransomware actively looks for different types of backup systems and encrypts the saved files.  In the case of online backups, automatic file uploads may corrupt files thought secure.

Most of today’s security software simply cannot protect you from ransomware. Ransomware does not act like traditional malware: some are automatically updated every day, and even use polymorphic (shapeshifting!) code to evade detection. This makes it exceedingly hard to detect.

This is the type of challenge we love. When ransomware hit the headlines, we immediately started looking for a long-term answer.

Our answer started with a company named EasySync Solutions, owned by Nathan Scott, which created an application called CryptoMonitor.

CryptoMonitor was doing an excellent job of stopping ransomware at that time, but having a few ideas of our own, we acquired EasySync Solutions and hired Nathan to come work on stopping ransomware for us. Nathan has been leading the anti-ransomware technology development at Malwarebytes for the last few months.

Now I’m stoked to announce that after months of late nights and a few hundred gallons of Red Bull, Malwarebytes Anti-Ransomware is ready for beta testing.


Malwarebytes Anti-Ransomware uses advanced proactive technology that monitors what ransomware is doing and stops it cold before it even touches your files. It has no shot at encrypting. And it does not rely on signatures or heuristics, so it’s light and completely compatible with antivirus.

These methods proved to be so successful at stopping ransomware that Malwarebytes Anti-Ransomware detected all of the latest and most dangerous ransomware variants right out of development and into beta 1.

This means when running Malwarebytes Anti-Ransomware, you do not have to worry about getting infected by CryptoLocker, CryptoWall, or CTBLocker. Better yet, it can defeat new ransomware the moment it is released, proactively protecting you from ransomware that’s never even been seen before.

Malwarebytes Anti-Ransomware open beta starts today and is available for anyone to install and try out. Please keep in mind that this is the first beta and there may be some bugs or issues that need to be worked out, so we encourage you to try it out in a non-production environment first.

Any comments, feedback, or bug reports are welcome. You can find more information about participating in the Malwarebytes Anti-Ransomware beta HERE.