RansomWhere Monitors Your Mac for Hidden Ransomware Attacks
Mac: Ransomwhere is a free tool that monitors your Mac for ransomware attacks and tries to stop them before they encrypt all of your data. It does this by monitoring untrusted processes and stopping them until you approve them.
The common factor for all ransomware is that they encrypt your files and then charge you to unblock those files. So Ransomwhere is specifically looking for this. To scan your system, Ransomwhere uses mathematical constructs to determine when files are encrypted. This leads to some false positives as you probably encrypt files on purpose from time to time. Fortunately, Ransomwhere gives you the option to allow or stop the process as soon as it detects that it is happening.
Of course, there are limitations here. Since Ransomwhere is reactive, a small portion of the ransomware will most likely encrypt multiple files before detecting anything. It also explicitly trusts Apple-signed binaries, so there is a potential for abuse if someone specifically targets you. There is always the possibility of false positives as well, although at least Ransomwhere always gives you the opportunity by allowing you to assert certain processes. While ransomware doesn’t strike many of us these days, Ransomwhere is so lightweight that it can be a pretty good companion to the rest of your antivirus or anti-malware utilities. If you are using Windows, we like RansomFree for the same reasons .
RansomWhere (free) | Purpose To See