The first known ransomware appeared in 1989 and was dubbed the AIDS Trojan. While it operated differently from today’s ransomware, the premise was very much the same: infect a user’s computer and encrypt their valuable files to hold for ransom. Ransomware continued to evolve through the years without ever being the prominent threat in cybersecurity until around 2013, when CryptoLocker was introduced and changed ransomware forever. It used cryptocurrency for payment, which kept the trail anonymous and hard to track, earning the CryptoLocker authors upwards of $30 million.
PC Matic prevents ransomware by blocking it before it can begin to execute using our default-deny protection. By blocking all unknown applications PC Matic can protect you against the newest and most targeted ransomware.
Fileless infections are a relatively new form of malware that has seen great success against all traditional security solutions. Using this type of attack, cybercriminals can avoid installing any actual malware on the computer. The attack resides inside known good applications like your web browser or Microsoft Office and then uses Windows tools such as PowerShell, wscript, or others. Once inside the PowerShell engine, the ransomware or malware attack is carried out. This attack can defeat traditional blacklisting solutions and whitelisting solutions because all applications used are known good and would be allowed by the antivirus.
PC Matic prevents fileless attacks by intercepting any calls from known good applications to scripting tools like PowerShell and using proprietary heuristics to block the script before it ever gets to the engine.
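The parent-to-child relationship described above can also be checked in process-creation logs. The following is an added example, not PC Matic's heuristics: the application lists, event field names, and sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumed lists for illustration; tune them to your own environment.
DOCUMENT_AND_BROWSER_APPS = {"winword.exe", "excel.exe", "powerpnt.exe",
                             "outlook.exe", "chrome.exe", "firefox.exe",
                             "msedge.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}

# Constructed process-creation events (parent image, child image, command line).
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "child": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -NoProfile -File C:\Temp\example.ps1"},
    {"parent": r"C:\Windows\explorer.exe",  # interactive use: not flagged
     "child": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe"},
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "child": r"C:\Windows\splwow64.exe",   # print helper: not a script host
     "cmdline": "splwow64.exe 8192"},
    {"parent": r'"C:\Program Files\Google\Chrome\Application\chrome.exe"',
     "child": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe C:\Temp\example.js"},
]

def image_name(path):
    """Normalise a Windows image path to a lower-case file name."""
    return ntpath.basename(path.strip('"')).lower()

def is_suspicious_spawn(event):
    """True when a document or browser application starts a script host."""
    return (image_name(event["parent"]) in DOCUMENT_AND_BROWSER_APPS
            and image_name(event["child"]) in SCRIPT_HOSTS)

def triage(events):
    """Return (parent, child, command line) for every event worth reviewing."""
    return [(image_name(e["parent"]), image_name(e["child"]), e["cmdline"])
            for e in events if is_suspicious_spawn(e)]

if __name__ == "__main__":
    for parent, child, cmdline in triage(SAMPLE_EVENTS):
        print(f"REVIEW: {parent} -> {child}: {cmdline}")
```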
Zero-day threats are about as old as the computer itself. All computers are made up of hardware and software, and sometimes there are bugs inside of that hardware or software. Zero-day threats typically leverage those bugs before they have been discovered and patched by the vendor. The term "Zero Day" refers to the fact that as soon as the bug is discovered, it is day zero counting up until a patch is made. Cybercriminals then work as fast as they can to utilize the bug and deploy malware or ransomware through it before the vendor can patch it. These types of attacks can also leverage exploits which allow the cybercriminal to gain higher privileges on the system and then distribute the payload. This can be devastating to a traditional antivirus that needs to keep its blacklist updated by the minute to try and keep customers safe from the new malware and ransomware.
PC Matic not only protects by blocking all unknown applications including malware and ransomware that may be deployed through a vulnerability but we automatically patch common third party applications that may contain vulnerabilities. This deploys fixes as fast as possible, while still blocking any attempts by cybercriminals at deploying ransomware or malware through the vulnerability.
The fake virus scam is typically an online scam that will try to confuse or trick the user into thinking they have been infected. While web browsing, the user may open an unknown link or visit a website that houses the scam. Upon visiting the page it will typically go fullscreen and become very difficult to close. While this is happening there will often be loud sirens, flashing text, and warnings that the computer is infected and you must call the phone number on the screen to remove the infection. Once called, this fake tech support team pretends to clean up a nonexistent virus, resets the browser, and charges around $400.
PC Matic uses whitelist-based protection to defeat the fake virus scam. These websites always pop up a phone number, and PC Matic blocks any website that shows a phone number inside a pop-up window unless it’s a whitelisted phone number from a legitimate company. While the page is blocked, the user is redirected to a safe webpage with information about the scam.
Adware has fallen under many different names throughout history. Since the '90s, ad-supported software has been called adware, potentially unwanted applications, or potentially unwanted programs. Adware can also be found inside of a normal application where it attempts to install another application or toolbar without the user knowing or tries to trick the user into installing the adware. Normally, adware is looking to serve you unsolicited ads on your computer through software you use in the form of banners, toolbars, or even popups. Today's most common adware comes through browser extensions that you install inside Chrome, Firefox, etc. Once installed these extensions can serve you pop-ups, ads, change homepages and more.
PC Matic protects against adware by keeping a strict policy to block applications that attempt to install adware or unwanted applications without the user knowing. In addition, we automatically scan and clean your browser to remove extensions that are malicious or serving unwanted ads to you.
Potentially Unwanted Programs, also known as Potentially Unwanted Applications, are programs that can be included or installed on a user’s device without their consent. These applications are often not malicious in a traditional sense, but they may be bundled in with an application the user is actually trying to install. For example, you may download a new game to play on your computer. During the install process, where most users click Next as fast as they can until the install starts, one window may show that they are also going to install a Shopping Toolbar in your browser. The game developers will often get paid for each person that also installs that shopping toolbar. While the toolbar may be of use to some people, since in this case the user wasn’t intentionally adding it, it is known as a potentially unwanted program.
PC Matic protects our users from Potentially Unwanted Programs by taking a firm stance against PUPs and adware alike. If a technically 'good' application is trying to include PUPs, we no longer consider it a good application. Trying to trick users is never a good thing.
Keyloggers, also known as keystroke loggers, are a type of malware that attempts to monitor everything you type on your computer through the keyboard. The main goal behind this software is to capture valuable information like emails, passwords, social security numbers, credit card numbers, etc. and use them or sell them on the black market for a profit. Keyloggers were introduced back in the 1970s by Soviet spies that used a hardware keylogger to target typewriters. Today, most keylogging is done through software that is installed on a user’s computer without their knowledge. Once installed, it can harvest information and transmit it back to cybercriminals on a central server.
PC Matic prevents keyloggers from being installed with our default-deny approach. Because keylogging software would be known bad or unknown to us, it will always be blocked before it can execute and begin harvesting keystrokes.
Time bomb software, like other types of malware, can be used in ethical and unethical ways. Initially, it was introduced into free software to create a trial period in which the user could test the software for a predetermined amount of time before it would be deactivated and require payment. However, this same idea is used today by malware and ransomware to help it evade detection from traditional solutions. Using this technique, malware will sit on a system and remain dormant for a period of time until it is activated by the software itself or by a cybercriminal manually. By sitting locally on the device and not behaving badly, it can give the malware an opportunity to fool traditional antivirus into thinking it is not a bad application.
PC Matic prevents time bomb malware and ransomware by always blocking unknown applications on execute. To our protection, it doesn’t matter how long you’ve been sitting dormant on the device; we won’t check you until you attempt to run, and at that time you will be seen as unknown. This prevents the execution no matter how long it has been programmed to lie in wait.
Cryptominers, compared to other malware we discuss here, are relatively new. They center around mining cryptocurrency, which didn’t gain mass popularity until the 2000s. When used maliciously, this attack is commonly referred to as cryptojacking. Cryptojacking uses your computer's resources, like CPU, to mine for cryptocurrencies and provide the benefit back to the cybercriminals. This can drastically slow your computer down even when you seem to be doing things that use minimal resources. This attack can happen inside of your web browser through a malicious extension, or can also be initiated through malicious software that is installed on your computer.
PC Matic protects against cryptojacking using two technologies: default-deny protection, and removing malicious browser extensions. By blocking all unknown applications, we’re able to prevent cryptojackers before they can get installed, and even if you accidentally add a browser extension that attempts to mine cryptocurrency, PC Matic will automatically remove it.
Viruses and Worms are terms that are often interchanged for one another as they both take a similar approach to infecting a machine. The virus and worm both look to replicate themselves once executed on the machine so that they are hard to track down and remove completely. This historically has defeated traditional antivirus software because each replication looks like a new file and is unknown to the blacklist that the antivirus uses. Trojans take advantage of a similar flaw in traditional blacklist software. A Trojan attempts to mask itself as a legitimate piece of software, or even hides inside legitimate software, to fool the antivirus into allowing it to run even though it is unknown.
PC Matic prevents all three types of attacks by utilizing our global whitelist and a default-deny approach. Before a virus or worm can execute and begin replicating, PC Matic sees it as an unknown and blocks the attempt. Trojans are also blocked as unknown before execution because we have never seen that file, even if they attempt to masquerade under legitimate names like Microsoft.
The term rootkit was established to reference a cybercriminal’s attempt to get access to the lowest portion of your system, otherwise known as the root. Gaining access to this level provides unprecedented control and access to your machine. The tools available allow the cybercriminal to install more malware, monitor system activity, and intercept sensitive information from your machine. Rootkits commonly are installed through the user running an unknown download, or opening an attachment that is actually malicious. Modern rootkits, once in place, are often used to run another piece of malware successfully, like ransomware.
PC Matic prevents rootkits from infecting your device by blocking all unknown execution attempts no matter where they are coming from. When a user attempts to open that malicious PDF or a macro that tries to download and install a rootkit behind the scenes, PC Matic sees the application as not on our whitelist and blocks it before it can run and infect you.
Advanced Persistent Threats are very high-level malware attacks that often target complex networks in an attempt to gain access and control inside the network to exfiltrate data or cause another type of harm. These attacks are often perpetrated by nation-states or large hacking groups with political or economic intent. While the attack vector varies, it is often highly targeted compared to a traditional malware attack that may cast a large net with hopes to infect as many people as possible. The most popular method to gain access to a network is social engineering or spear-phishing one specific target. Once inside the network, malware will be deployed that is often constantly changing or updated to remain undetected and stealthy.
PC Matic prevents Advanced Persistent Threats by using Whitelist protection and a default-deny approach inside our realtime protection. Constantly changing threats will always be seen as unknown applications when they attempt to execute inside a network. By default, if something is unknown, the execution is denied before it can get a foothold in the network.
Polymorphic Viruses are a type of malware that change their code every time they attempt to execute on a device with the goal of remaining an undetected or unknown threat to traditional security software. Because most security software uses blacklist technology, it is constantly looking for known threats that are inside the blacklist and will be blocked to keep the user secure. However, polymorphic code can change its own code to appear as something new every time it runs. This patently defeats most blacklist-based antivirus because the list cannot possibly be updated fast enough to defeat the ever-changing threat. Polymorphic threats date back to the early 1990s and are a popular form of attack even today.
PC Matic prevents polymorphic threats using a whitelist approach to security. This means that instead of only blocking things we know are bad, we block anything that we don’t know to be good, including all unknown applications. When a polymorphic virus changes itself, we continue to see it as unknown and deny the execution, keeping your device safe.
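The difference between the two list types can be seen by running both policies over the same files. This is an added example, not PC Matic's code: it assumes both lists are keyed on SHA-256 file hashes, and every byte string is a constructed, harmless stand-in for a program file.

```python
import hashlib

def sha256(data):
    return hashlib.sha256(data).hexdigest()

# Constructed, harmless byte strings standing in for program files.
KNOWN_GOOD_APP = b"constructed: trusted word processor v1"
UNREVIEWED_UPDATE = b"constructed: trusted word processor v2, not yet reviewed"
ORIGINAL_SAMPLE = b"constructed: sample already seen and blocklisted"

BLOCKLIST = {sha256(ORIGINAL_SAMPLE)}   # known-bad hashes
ALLOWLIST = {sha256(KNOWN_GOOD_APP)}    # known-good hashes

def mutate(sample, generation):
    """Stand-in for polymorphism: different bytes (and hash) on every run."""
    return sample + b"|gen:" + str(generation).encode()

def blocklist_allows(data):
    """Blacklist policy: run anything that is not known bad."""
    return sha256(data) not in BLOCKLIST

def allowlist_allows(data):
    """Default-deny policy: run only what is known good."""
    return sha256(data) in ALLOWLIST

FILES = {
    "known good app": KNOWN_GOOD_APP,
    "original sample": ORIGINAL_SAMPLE,
    "variant 1": mutate(ORIGINAL_SAMPLE, 1),
    "variant 2": mutate(ORIGINAL_SAMPLE, 2),
    "unreviewed update": UNREVIEWED_UPDATE,
}

def compare(files):
    """Map each file name to (blacklist verdict, default-deny verdict)."""
    return {name: (blocklist_allows(data), allowlist_allows(data))
            for name, data in files.items()}

if __name__ == "__main__":
    for name, (bl, al) in compare(FILES).items():
        print(f"{name:18} blacklist={'run' if bl else 'block':5} "
              f"default-deny={'run' if al else 'block'}")
```

The last row shows the operational cost of default-deny: a legitimate but not yet reviewed update is also denied until it is added to the list.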
A botnet is a network of devices that work together to overload a target’s network. Often carrying out what is known as a Distributed Denial of Service attack or DDoS, these bots will all make constant attempts to connect to a website or server with the hope of overloading the site or forcing it to slow down drastically. While the main components of this attack take place over the network, there are often unwilling participants in the attack. Cybercriminals will use malware planted on user machines to create "Zombie Computers" that are used to carry out the attack without the user ever knowing. This can drastically increase the size of an attacker's "army" of devices.
PC Matic protects our users from becoming participants in this style of attack by taking a preventative approach towards all malware. Our whitelist-based protection blocks anything that is not known good at the time of execution. This makes it nearly impossible to plant malware on a user’s machine without their knowledge. Keeping the device clean removes the ability for a cybercriminal to use it as a zombie in their army of machines.