Free App Fends Off Ransomware, Comes With Cloud Storage

Venerable backup-software maker Acronis threw its hat into the ransomware-protection last month, launching Acronis Ransomware Protection as a free download for Windows machines.

Screenshot: Tom's Guide

Screenshot: Tom's Guide

The small application runs in the background and monitors system activity for signs of an encrypting ransomware attack. If it sees an attack, the software will save a clean copy of the file being altered in a local cache, Acronis told us.

We installed and ran Acronis Ransomware Protection and, while we haven't tried infecting our own computer with ransomware, we can attest that's it's a smooth. clean application that alerts you to the presence of suspicious files and lets you trust them, block them or ignore them.

How Acronis Ransomware Protection Compares

Acronis' free anti-ransomware tool joins the ranks of half a dozen similar applications, including Cybereason RansomFree and Bitdefender Anti-Ransomware. Acronis' tool was spun off from Acronis True Image backup software, which added ransomware protection a couple of years ago.

MORE: What to Do If You're Infected by Ransomware

All three anti-ransomware tools seemed to get along with each other (as well as with other installed antivirus software) on our Windows 7 machine, but the Acronis tool took up a lot more running memory — about 140 MB between the system service and the taskbar menu — than either utility from Bitdefender or Cybereason.

That heavier system load, which is admittedly pretty small, may be because the Acronis tool's interface lets you actually do something. The Bitdefender interface has only a few settings, and the Cybereason interface is just a static screen with web links.

The Acronis interface, by contrast, presents you with a list of suspicious processes that you can either blacklist or whitelist. (Both of the other ransomware tools showed up on the list.) But if the software detected what looked like actual ransomware, it wouldn't wait for your say-so before blocking it.

Screenshot: Tom's Guide

Screenshot: Tom's Guide

"In event of a ransomware attack, Acronis Ransomware Protection blocks the malicious process and notifies the user with a popup," an Acronis press release said. "If any files were damaged in the attack, it facilitates the instant recovery of those affected files."

We found that the Acronis software didn't get in the way of other applications. The Cybereason tool, however, did at times, ramping up in CPU usage as we updated the Google Chrome browser.

Because Acronis is at heart a backup-software maker, you'll get 5GB of online storage free with each installation of Acronis Ransomware Protection. That's not a whole lot, and Acronis hopes you'll upgrade to a paid backup-software plan, but there's a handy drag-and-drop space right on the free tool's interface into which you can pull files or folders.

Screenshot: Tom's Guide

Screenshot: Tom's Guide

To make that backup work, you'll need an Acronis account, which the ransomware tool forces you to create during installation. Acronis needs at least a username and an email address from you for that.

Acronis says Ransomware Protection uses behavioral monitoring to spot the beginnings of a ransomware attack, and that it's effective against zero-day ransomware. The company says the tool has been proven effective against several ransomware families, including Cerber and Locky.  

First Impressions

Your current antivirus tool may already protect against ransomware, but Acronis insists that its policy of backing up attacked files to a driver cache means that its file recovery rate should be higher than anyone else's. (No ransomware tool can detect an attack before it starts, so a few files will often get encrypted before the attack is shut down.)

So should you use Acronis Ransomware Protection? It looks like it couldn't hurt.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.