Search Knowledgebase: |
Ransomware Detection
Ransomware is a type of malicious program that will encrypt many of your documents (text documents, photos, videos, etc), make them inaccessible and demands a payment to provide a decryption key (or a program) to remove ransomware from the infected computer. If you're sitting in front of your PC, you'll know very quickly if you are infected with Ransomware because it will likely prompt you for payment to decrypt your files. If you have WebSite-Watcher running 24/7 on a server or separate PC, you'll probably not realize that something is wrong. With the "Ransomware Detection" feature, WebSite-Watcher will regularly check if a certain reference file has been changed or deleted. And if so, you can get notified. This feature only works while WebSite-Watcher is running.
How does it work concretely
When WebSite-Watcher is started, a unique RTF file will be created on your hard disk. As long as WebSite-Watcher is running, this file will be monitored for changes. If this file is changed or deleted, the following will happen:
| 1. | WebSite-Watcher will stop all running tasks, for example to check bookmarks, send emails, etc. |
| 2. | WebSite-Watcher will lock and protect as many important files in the WSW folder as possible to prevent encryption (these files will be locked as long as WebSite-Watcher is running). For example bookmark databases, configuration files, AutoBackups, etc. |
| 3. | A window will be displayed on top of all other applications |
| 4. | Optional alert by e-mail (the message will be sent on-the-fly without saving it into an Outbox on your hard disk) |
| 5. | Optional alert via Pushover (the push message will be sent on-the-fly without saving it into an Outbox on your hard disk) |
| 6. | If you use the WebSite-Watcher App and check the special bookmark WSW-for-Windows, you'll also get a notification that your PC was infected with Ransomware. |
How to test this feature
The "Ransomware Detection" configuration includes a "Test this feature..." button. If you click this button, the reference file is deleted as soon as you close the program configuration. You should then see an alert after a couple of seconds.
How secure is it?
There's no guarantee that WebSite-Watcher will be able to detect all types of Ransomware infections using this technique. WebSite-Watcher is only able to detect an infection if the reference file is changed (encrypted) or deleted, this only works as long as WebSite-Watcher is running. WebSite-Watcher cannot stop encryption of documents on your hard disk nor prevent infection with Ransomware. If Ransomware doesn't encrypt the mentioned RTF file or if WebSite-Watcher is not running, then WebSite-Watcher is not able to detect an infection.
Enable Ransomware Detection
| 1. | Open the program configuration |
| 2. | Select the "Advanced" tab |
| 3. | Select "Ransomware Detection" on the left side |
| 4. | Enable Ransomware Detection and how you want to get notified |
The following video shows the warning message on the PC, the RTF file is deleted via the "Test this feature" button.
