
Ransomware Detection

Ransomware is a type of malicious program that encrypts many of your documents (text documents, photos, videos, etc.), makes them inaccessible and demands a payment for a decryption key (or a program) to remove the ransomware from the infected computer. If you're sitting in front of your PC, you'll know very quickly if you are infected with ransomware because it will likely prompt you for payment to decrypt your files. If you have WebSite-Watcher running 24/7 on a server or a separate PC, you'll probably not realize that something is wrong. With the "Ransomware Detection" feature, WebSite-Watcher regularly checks whether a certain file in your "My Documents" folder has been changed or deleted. If so, you can be notified. This feature only works while WebSite-Watcher is running.

How does it work concretely?

When WebSite-Watcher is started, a unique RTF file will be created in your "My Documents" folder. As long as WebSite-Watcher is running, this file will be monitored for changes. If this file is changed or deleted, the following will happen:

 

1. WebSite-Watcher will stop all running tasks, for example checking bookmarks, sending emails, etc.
2. WebSite-Watcher will lock and protect as many important files in the WSW folder as possible to prevent encryption (these files will be locked as long as WebSite-Watcher is running), for example bookmark databases, configuration files, AutoBackups, etc.
3. A window will be displayed on top of all other applications.
4. Optional alert by e-mail (the message will be sent on-the-fly without saving it into an Outbox on your hard disk).
5. Optional alert via Pushover (the push message will be sent on-the-fly without saving it into an Outbox on your hard disk).
6. If you use the WebSite-Watcher App and check the special bookmark WSW-for-Windows, you'll also get a notification that your PC was infected with ransomware.

How to test this feature

1. The "Ransomware Detection" configuration includes a "Test this feature..." button. If you click this button, the unique RTF file in your "My Documents" folder is deleted as soon as you close the program configuration. You should then see an alert after a couple of seconds.
2. Open your "My Documents" folder and look for a file "wsw*****.rtf", for example "wsw64827346.rtf". Open, change and save this file; WebSite-Watcher should then detect the change and alert you after a couple of seconds.

How secure is it?

There's no guarantee that WebSite-Watcher will be able to detect all types of ransomware infections using this technique. WebSite-Watcher can only detect whether the mentioned RTF file in the "My Documents" folder is changed or deleted, and this only works as long as WebSite-Watcher is running. WebSite-Watcher cannot stop the encryption of documents on your hard disk, nor can it prevent infection with ransomware. If ransomware doesn't encrypt the mentioned RTF file in the "My Documents" folder, or if WebSite-Watcher is not running, then WebSite-Watcher is not able to detect an infection.
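
The canary-file check described above, together with the blind spot noted in this section, as an added example (not WebSite-Watcher's own code). The file name pattern, the RTF body and the temporary folder standing in for "My Documents" are constructed assumptions.

```python
import hashlib
import secrets
import tempfile
from pathlib import Path

# Constructed RTF body; the real canary's contents are not given on this page.
CANARY_BODY = b"{\\rtf1\\ansi Canary file - do not edit or delete.}"


def create_canary(folder: Path) -> tuple[Path, str]:
    """Write a uniquely named canary and return (path, baseline SHA-256)."""
    # Hypothetical naming scheme: fixed prefix plus 8 random digits.
    path = folder / f"canary{secrets.randbelow(10**8):08d}.rtf"
    path.write_bytes(CANARY_BODY)
    return path, hashlib.sha256(CANARY_BODY).hexdigest()


def check_canary(path: Path, baseline: str) -> str:
    """One polling pass: return 'ok', 'changed' or 'deleted'."""
    try:
        data = path.read_bytes()
    except FileNotFoundError:
        return "deleted"
    except OSError:
        # Unreadable (locked, permissions changed): treat as tampering.
        return "changed"
    return "ok" if hashlib.sha256(data).hexdigest() == baseline else "changed"


def simulate() -> dict[str, str]:
    """Exercise three cases in a temp folder standing in for My Documents."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        canary, baseline = create_canary(Path(tmp))
        other = canary.with_name("report.txt")
        other.write_bytes(b"user data")
        # Blind spot: another document is overwritten, the canary is not.
        other.write_bytes(b"\x00" * 9)
        results["other_file_only"] = check_canary(canary, baseline)
        # Canary content overwritten in place.
        canary.write_bytes(b"unreadable bytes")
        results["canary_overwritten"] = check_canary(canary, baseline)
        # Canary renamed (new extension appended): the original path is gone.
        canary.rename(canary.with_name(canary.name + ".locked"))
        results["canary_renamed"] = check_canary(canary, baseline)
    return results


if __name__ == "__main__":
    print(simulate())
```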

Enable Ransomware Detection

1. Open the program configuration.
2. Select the "Advanced" tab.
3. Select "Ransomware Detection" on the left side.
4. Enable Ransomware Detection and choose how you want to be notified.
 

The following video shows the warning message on the PC; the RTF file is deleted via the "Test this feature" button.