Mac: RansomWhere is a free tool that monitors your Mac for ransomware attacks and attempts to stop them before they encrypt all your data. It does this by watching for untrusted processes and stopping them until you approve them.
The one common factor in all ransomware is that it encrypts your files, then demands payment to unlock those files. So, RansomWhere is on the lookout for that specifically. To scan you system, RansomWhere uses mathematic constructs to detect when a files gets encrypted. This leads to some false positives, since you’re probably encrypting files occasionally on purpose. Thankfully, RansomWhere gives you the option to allow or stop the process once it detects it happening.
Of course, there are limitations here. Since RansomWhere is reactive, a bit of ransomware will likely encrypt a few files before it detects anything. It also explicitly trusts and binaries signed by Apple, so there’s potential for abuse if someone targeted you specifically. There’s also always the possibility of false positives, though at the very least, Ransomwhere always gives you an out by allowing you to approve specific processes. While ransomware isn’t something that strikes many of us these days, RansomWhere is such a lightweight tool that it makes a pretty good companion to the rest of your antivirus or antimalware utilities. If you’re on Windows, we like RansomFree for the same reasons.
RansomWhere (Free) [Objective See]