Ransomware Remediation
It looks like some users are experiencing problems with Ransomware Remediation. I've also experienced an issue, and currently it seems more trouble than it's worth to be honest.
I've had to turn it off because within 5 minutes of updating to BD IS 2019 it flagged and "recovered" files from two different applications, neither of which were actually ransomware.
1. Spideroak ONE created .txt files as part of its Directory Monitoring process; these were incorrectly flagged as needing recovery following ransomware activity.
2. qBittorrent amended two .py files as part of an application upgrade, and these two were incorrectly flagged as needing recovery following ransomware activity.
If it does that within 5 minutes, I'm concerned about how often it will give false positives that I don't really have time to sort out, and as a result it's now turned off.
I'm also struggling to understand how "Ransomware Remediation" and "Safe Files" relate and interact - for example, if all your important files are in folders nominated in "Safe Files" then surely Ransomware Remediation is redundant as the files can never be subject to a ransomware attack anyway.
So what does Ransomware Remediation actually do? It appears to me to monitor changes to files throughout the file system and if it considers that the application changing the file is ransomware it somehow isolates the file and automatically (or manually by user intervention) recovers the original file by decryption, and restores it. So if it flags an application as ransomware incorrectly presumably things can get a little chaotic as any amended files are isolated / decrypted / recovered - all when there was nothing wrong with them in the first place.
Looking through these forums it does seem that quite a few common applications are being incorrectly flagged as ransomware by BD 2019.
Comments
Hi,
Yes, Ransomware Remediation basically backs up some files that are likely targets for Ransomware, and restores if modified by a suspicious app (apps that are not digitally signed for example).
You can also check the user guide for a few other details:
(page 120)