Bitdefender anti-malware researchers have released a new vaccine tool which can protect against known and possible future versions of the CTB-Locker, Locky and TeslaCrypt crypto ransomware families by exploiting flaws in their spreading methods.
“The new tool is an outgrowth of the Cryptowall vaccine program, in a way,” Chief Security Strategist Catalin Cosoi explained. “We had been looking at ways to prevent this ransomware from encrypting files even on computers that were not protected by Bitdefender antivirus and we realized we could extend the idea.”
The new tool is available for download on the Bitdefender website.
A study conducted by Bitdefender in November 2015 on 3,009 Internet users from the US, France, Germany, Denmark, the UK and Romania offers a victim’s perspective on data loss through crypto-ransomware:
- 50% of users can’t accurately identify ransomware as a type of threat that prevents or limits access to computer data.
- Half of victims are willing to pay up to $500 to recover encrypted data.
- Personal documents rank first among user priorities.
- UK consumers would pay most to retrieve files.
- US users are the main target for ransomware.





thz a lot
Thank you, from a very worried old man!
I have Locky ransomware. Thanks for your job.
Many thanks for the help against ransomware
Should create a Restore Point before installation.
[****] removes all the temp files as well as the actual Programme / Application. Have to still try it on our BitDefender protected Machines.
Regards
Probably not. It should be fine. Hopefully. We think.
Hello
incompatible with [****] Internet 2016
he takes it for Trojan.Win32.Generic
best regards
Please advise their tech support about this issue.
I am already using Bitdefender Total Security. Should I use the Bitdefender ransomware tool? Thank you.
Ok thanks a lot !
One week ago my PC was attacked by Locky ransomware.
check
Thank you, thank you, you guys are amazing
thanks for bitdefender!!
Thanks
You're welcome.
Hello,
As a Bitdefender customer, how can I take advantage of this free tool?
Regards,
download link
Thank you
Hello,
In our company we have Bitdefender Gravity Zone. Should this tool be added to the client workstations, or is it already integrated into the software?
This tool is not integrated into Bitdefender Gravity Zone.
Doesn't Gravity Zone protect against ransomware?
Of course it does, but in a different way.
Is there a possible method to decrypt the files?
Thanks
Not without the private key.
I already have Bitdefender Total Security 2016. Do I still need this?
Thank you,
Not really, unless you plan on turning it off soon?
This tool could recover files encrypted by Locky?
Thank you!
No.
Hey, thanks for your soft! It’s really nice! GJ.
Quick question: What about how it works !? Process, CPU, etc etc !?
Will it work with existing AM/AV? Existing AM/AV is not BitDefender
Probably not. Try before you buy.
Many thanks
Thanks and it is great !
Can I use this program in a company?
Hello, I try to remotely install this to several computers. I have added the /VERYSILENT to the exe, but I would also like to add these options as default during the install:
Run when Windows starts to ON
Minimize on startup to ON
Minimize to tray to ON
How can I add this to the setup install?
Thanks a lot for your help on this.
I am using Bit Defender Internet Security 2016, do I need to add this new tool (Crypto Ransomware vaccine) to it ?
It is not necessary.
What does this tool exactly scan?
All internet traffic, services, processes, etc?
It doesn’t scan anything. It is not an antivirus.
Could be nice, but how does that work? Would it be possible to have a technical résumé about it? How will this deal with other protection/monitoring programs? Legacy programs? It’s appealing, but if it’s for having hundreds of users complaining all day because that makes legacy apps broken….
It should not break anything, as it doesn’t interact with other apps, unlike an antivirus. It’s still recommendable to test it before use and in any case if you are thinking about securing “hundreds of users” you’re better off using something like Gravity Zone.
Vaccine tool? What does that mean, if it was a vaccine I would just need to run the software once and I would be inoculated, this however does not seem to be the case? Is it a behaviour monitoring tool, does it install a service or do I need to have the GUI running all the time – it is a little unclear if the load with Windows is only the GUI or the entire “protection package”.. Are any license terms available? Anyhow, thanks for a valiant effort.
It’s a vaccine, but it can (and probably will) be updated against new strains, hence the need to run at startup. It does not monitor behavior, it just uses some tricks to prevent those specific families of ransomware from infecting your system.
The software is provided AS-IS, without any implied or explicit guarantees. Redistribution is permitted.
Hi,
Congratulations, my countrymen, for all the software you made.
Please, enlarge/enhance the number/range of anti-ransomware types against which you offer protection.
ALL THE BEST!
Dan
use [***]Endpoint Security 10 Maintenance 2.
Can I use with BD AntiRansomware??
No.
Like it!
Hello. Certainly very good, but in (French) please, because not everyone speaks English.
THANK YOU for reading me. MM
I regret to inform you that this is not possible for us, because the cost of localizing this software is much greater than the profit it brings us 😉
With Win 8.1 64b, trying to execute BDAntiRansomwareSetup.exe 4.46mo I have the msg:
“Cette application ne peut pas s’exécuter sur votre PC”
what’s wrong?
trying 3 downloads…
more..
admin mode:
Windows ne trouve pas ‘D:\_PERSO\Downloads\BDAntiRansomwareSetup1.exe’.
Vérifiez que vous avez entré le nom correct, puis réessayez.
?????
Many thanks for this. One question, after install we see the last log entry is “Could not add Locky protection”, is this possibly a rights issue?
What command-line options will force “Minimize to tray” on startup and close button?
Thanks Bitdefender for the tool!
Unfortunately it doesn’t work with my AV because it has also a ransomware protect integrated so they don’t like each other 🙂
Best regards
Are there any command line commands to enable a silent installation? We are an MSP and would love to enable this program to remote install. We are deeply integrated with BD as is. 🙂
Please use /SILENT or /VERYSILENT as command line options. This works from any domain admin account.
[…] detected BD antiransomware as Trojan
Is it true?
Doesn’t work for the scenario where an Administrator installs it for users who are not administrators. The installer creates a Scheduled Task which launches the program upon logon of any user, but the task requires elevation, so it fails to run when a non-administrative user logs on.
Great to have another weapon in the armoury against ransomware.
Would I be correct in assuming that the 4 registry entries thrown up as suspect in an AdwCleaner scan on my Windows 7 PC this morning containing the characters “protector_dll.Protector” are generated by the vaccine and can be ignored?
log
Could not add Locky protection.
CoInitializeSecurity failed: 80010119
Could not add app to run key!
Could not force security logs check thread to terminate.
Could not save application settings
ANY SUGGESTIONS
www.facebook.com/stopcryptovirus
Is it allowed for commercial use? I mean company use, I couldn’t find any licence agreement.
Yes.
Hello, I try to remotely install this to several computers. I have added the /VERYSILENT to the exe, but I would also like to add these options as default during the install:
Run when Windows starts to ON
Minimize on startup to ON
Minimize to tray to ON
How can I add this to the setup install?
Thanks a lot for your help on this.
Can I change this providing an inf file?
If yes, what is the format of that file?
Thanks
Cedric
/verysilent isn’t even supposed to load the UI…
Hello
Thanks for the nice program
Will you include a Payta protection in it?
My AV flagged this as W32.OutBrowse.kdex
Hello, can you please tell me does this software create some locky reg file in regedit?
Br.
R.
registry entries in current user should allow settings to be set silently e.g. [HKEY_CURRENT_USER\Software\Bitdefender\BitdefenderAntiCryptoWall]
App runs and uses current user but still to check if it will pick up on the settings if they are in equivalent local machine location. Alternatively GPO / default user could be used.
Hi Could I use it for My business 17 computers?
Thanks
Hello, Bitdefender Anti-Ransomware will not run automatically. Doesn’t show in Autostart.
Everything in the program is ON.
How do you test that it’s working? Will it automatically update itself? Is there a log file of its action?
Your tool failed against Tesla V3, ugly. What’s wrong?
https://www.youtube.com/watch?v=EBi0HfLb5Yk
(3:57)
Looking into it.
MS Word files infected by LOCKY virus, wish to recover
Dear Staff,
as you can see in the comments of my blog [http://www.ransomware.it/bitdefender-antiransomware] some users are experiencing issues with scheduled tasks and the need of elevation at launch. Furthermore, it seems that the scheduled task requires elevation, so it fails to run when a non-administrative user logs on and even if standard users do elevate they are not protected. Any suggestions/workarounds?
You can complement this with […] Anti-Ransomware !
thank you
Can you make a tool to recover encrypted files?
My encrypted files have such a name :
“Mis.ini.ID16F13FEF.Vegclass@aol.com.xtbl”
Please Help
Hi there, we are using BD Gravity Zone in our company.
In a previous comment you stated that this tool will not be included in BD Gravity Zone.
Do you recommend installing this tool in addition to BD Gravity Zone?
Thank you in advance
I’ve read article
http://www.pcworld.com/article/3049179/security/free-bitdefender-tool-prevents-locky-other-ransomware-infections-for-now.html
but still want to know: how does it actually do it?
“The new Bitdefender tool takes advantage of these ransomware checks by making it appear as if computers are already infected with current variants of Locky, TeslaCrypt or CTB-Locker. This prevents those programs from infecting them again.”
What does it “vaccinate”? What part of Windows tells ransomware it is already infected by it?
Hello,
I know you have mentioned redistribution is permitted. However, is there a written license statement somewhere confirming that the BitDefender vaccine is free for use even in business environment?
By the way, great job!
Thank you,
Martin
Thanks for the kind words! Alas, there is no such statement, beyond the release and about two dozen articles in the media, complete with quotes from Bitdefender representatives. You can download and use it in good faith, from our website or any number of freeware sites.
Please remember, however, that this is experimental stuff and the lack of licensing also means a lack of guarantees of any kind.
We might discontinue it tomorrow, or cease updating it and never tell anyone, or… you get the drift.
I’m using Bitdefender Antivirus Plus 2015. Is this vaccine incorporated or do I need to install it separately?
Link in that page is broken. https://labs.bitdefender.com/2014/12/bitdefender-offers-free-cryptowall-vaccine/
Via:
http://www.geekdashboard.com/ransomware-removal-tools/
We no longer offer that tool.
How can I remove the policies applied by BitDefender Anti-Ransomware after its uninstallation?
Question about this tool. Will it remove, for instance, the locky malware if still running in the infected computer? Suppose that the idea is to clean the malware from the computer without performing a format to the disk drive.
This tool does not remove anything, it just prevents infections with some common ransomware.
Hi – does BitDefender Antivirus already offer similar protection or does this vaccine tool complement the antivirus product? Cheers!
The antivirus offers protection in various other ways. You could call this complementary, and you’d be almost exactly right.
Looking to test this out; any idea where I could find some infected files? (Sounds crazy I know!)
Sounds less crazy and more like you want to play with fire. Our advice is: don’t.
Do you think that it would be possible to change the installer to look for the registry key in HKLM and copy it to HKCU if it finds it? Creating the key just in HKCU makes it impossible for us to silently deploy it alongside the BitDefender AV product we already have on our network.
Why is it creating HKCU\SOFTWARE\LOCKY\ ?
How can it be deinstalled-removed? where can we see it?
Ok, I see it in revo-uninstaller. Was unsure since I on a different win7-pc (mine is winxp) I could see a bitdefender popup (don’t know exact name anymore) which couldn’t be removed but is now gone after a clean. Will check revo uninstaller. Don’t know if other person installed bitdefender software. MS security essentials in there as default.
Many greetings from Nebojsa Stevanovic from Kragujevac, Serbia
how do I get immunization on? Don't see where to do this.
Does this program also protect against "CryptoLocker" and "CryptoWall"? As far as I read it in the Wikipedia, these are other ransomware families than just CTB-Locker, Locky and TeslaCrypt. I'm kinda confused now…
I also found a program called "Bitdefender Anti-CryptoLocker 1.0.7.5" Do I need to install this also, or is this program outdated?
Anti-Cryptolocker is deprecated. The Vaccine does what it says on the tin, and only that.
Thank you very much.
MSP here deploying this via powershell using /verysilent switch and everything installs fine. The only thing is it is not set to start automatically with Windows and to minimize to Systray. Are there any other switches during install to make sure BDAntiRansomware is started with Windows?
Thanks Guys just downloaded very grateful
Why is it creating: HKCU\SOFTWARE\LOCKY\
and HKCU\SOFTWARE\Qi…. (stuff)
Why does it create these two registry entries:
1. HKEY_CURRENT_USER\SOFTWARE\LOCKY
2. HKEY_CURRENT_USER\…(not sure of exact path)…\Qi…
I update Bitdefender Anti-Cryptowall with last version and Chrome crashes with "He's dead Jim!. Either Chrome ran out of memory or the process" …
I try to uninstall, restart then install Chrome but Chrome stops, even settings do not work…
I uninstall Bitdefender Anti-Cryptowall last update and everything is OK.
WinXp SP3, Pentium dual-core 2.6Ghz, 4G RAM, Chrome 49
Liviu
The program created some registry entries like: …\Software\Locky
Why does it create that entry?
Usually Locky itself creates the …\Software\Locky
I noticed that Bitdefender Anti-Cryptowall blocks extensions from Chrome the first time (adblock, ietab …), then Chrome crashes…
Hello,
We plan to deploy this tool at a large scale.
Would it be possible to have all the possible install parameters? Would be greatly appreciated 🙂
Kind regards,
Sorry, AntiCryptowall works OK but AntiRansomware blocks loading of all extensions in Chrome….
A client received the .locky by email and ran it.
The file is "Document 2.docm" and it locks all xlsx, docx, pdf, rar, zip, exe, etc. I have this file if you want it. How do I decrypt the files?
Hello,
Versions 1,0,11,47 and 1,0,21,1 block the opening of the following: zip archives, WinSCP, Remote Desktop Connection, Adobe Reader. Most of the time, without errors. It is resolved by retrying to open a 2nd time, for other programs a 3rd time. If the application has opened, on retry it opens the first time.
OS: XP SP3, 32 bits, with Bitdefender Free and nod 32 30-day trial. Previous versions did not show this behaviour.
In the log C:\Program Files\Bitdefender\Tools\BDAntiRansomware\Logs\BDAntiRansomware\BDAntiRansomwareXXX.log I do not see any error recorded at the corresponding time when the applications fail to start.
NOTE: WinSCP displays the startup screen but without content, text or buttons (transparent); the archives give a "blink" of sound without a message.
Event Viewer does not record any error.
Victim of Ransom ware personal files were encrypted into .micro extension, anti-malwarebytes helped in removing it.. still no clue how to get back those encrypted files.
To Rahul
Try this:
1)http://support.*.com/kb6051/?viewlocale=en_US
2)http://www.bleepingcomputer.com/forums/t/605185/teslacrypt-3040-xxx-ttt-micro-mp3-support-topic/page-80#entry4002886
how can i decrypt cerber ransomware file
What good does this do if you are already infected with the virus? I am not seeing it helping with the computer that was infected that I put it on. How do you get it removed???
If I have this running on a server will it protect the shares, if another computer gets infected to tries to search for connected shared drives?
Thanks
We are your customer in Thailand. Your local engineer recommended my team to install this tool but it has conflict with Sage 300 ERP. Do you have the resolution for this case? Thank you.
Does Bitdefender Antivirus Plus 2016 guard against ransomware, e.g. Locky and Zepto and their variants? Or do I have to purchase a different security package?
Yes, it does.
My Laptop attacked by cerber 2 ransomware and every data encrypted now .any help
Just had a Skype reinstall request but apparently anti ransomware was blocking it
telling me "The Windows Installer service could not be accessed"
Has this "fix" for Locky been updated to about current day, September 29, 2016
How do I get back my encrypted files which have been encrypted by cerber ransomware without succumbing to the demands thereof? Kindly advise.
its it real my 1tb hard disk was encrypted with .cerber3 type of encryption if it was help pls tell yes or no
Thank you very much!!
My PC files are encrypted by CERBER and file extension is .a934. Please help me on this.
The Crypto-ransomware vaccine is a proactive protection mechanism. If used when your computer is in a clean state, it would render potential ransomware impossible to execute. However, if you have already fallen victim to ransomware, the tool won't be able to decrypt the files for you.
Does this program recover the damaged files?
oK..!!