Overview
- Bitdefender GravityZone Business Security Premium: Best for Businesses
- Sophos Intercept X Endpoint Protection: Best for End-to-End SMB Security
- ZoneAlarm Anti-Ransomware: Best For Dedicated Ransomware Protection
- Acronis Ransomware Protection
- F-Secure Protection Service for Business: Best for Device management
- Malwarebytes Anti-Ransomware Beta: Thrifty Users
- NeuShield Data Sentinel: Best For Ransomware Recovery
- Panda Security Adaptive Defense 360: Best for Rigid security policies
- Symantec Endpoint Protection Cloud: Businesses
- Trend Micro Worry-Free Business Security Services: Best for Basic Small Business Protection
- Avast Business Antivirus Pro Plus: Best for Desktop-Centric Small Businesses
- ESET Endpoint Protection Standard: Best for Remote Management
- Heilig Defense RansomOff
- McAfee Endpoint Protection Essential for SMB: Businesses
- Trend Micro RansomBuster: Thrifty Users
- Kaspersky Small Office Security: Businesses
Deeper Dive: Our Top Tested Picks
Bitdefender GravityZone Business Security Premium
Best for Businesses
Bottom Line:
Bitdefender GravityZone Business Security Premium offers a powerful business-grade security suite. It is easy to use yet has comprehensive controls. It stands out for its powerful detection capabilities and anti-ransomware protection features.
Pros
- Provides best-in-class ease of use, reliable detection and protection capabilities, and a reliable policy management function.
Cons
- Doesn't have rollback capabilities for successful ransomware exploits.
- Has a cumbersome setup process for initial patch management.
Sophos Intercept X Endpoint Protection
Best for End-to-End SMB Security
Bottom Line:
Sophos Intercept X Endpoint Protection keeps its Editors' Choice rating this year with an even more intuitive interface, an updated threat analysis capability, and excellent overall threat detection.
Pros
- Intuitive and effective threat analysis/EDR
- Excellent and fast threat detection
- Easy to navigate interface
Cons
- Only available through third-party vendors
- Linux workstations not supported
ZoneAlarm Anti-Ransomware
Best For Dedicated Ransomware Protection
Bottom Line:
ZoneAlarm Anti-Ransomware remains one of the most effective ransomware-specific security tools we've tested, defending against all our real-world ransomware samples.
Pros
- Successfully defends against real-world ransomware attacks
- Restores files affected by ransomware
- Includes some antivirus features
- Keylogger protection
Cons
- Routinely allows (and then reverses) file encryption
- Keylogger protection is limited
Acronis Ransomware Protection
Bottom Line:
If your antivirus misses a zero-day ransomware attack, you're in big trouble. The free Acronis Ransomware Protection offers another layer of protection, plus 5GB of online backup storage.
Pros
- Protects against most ransomware samples, including Petya.
- Recovers affected files.
- Detected 10 simulated ransomware attacks in our tests.
- Includes 5GB of hosted online backup.
- Free.
Cons
- Missed one real-world sample in our testing.
F-Secure Protection Service for Business
Best for Device management
Bottom Line:
F-Secure once again does well in our endpoint protection testing with solid detection rates, easy device management, and a bundled VPN option. While some detection is still delayed, this is a solid overall choice.
Pros
- Excellent detection of malware and scripted exploits
- Can update known software on endpoints
- VPN as part of the F-Secure Freedome component
- Good detection performance
Cons
- Detection can sometimes be delayed
- Reporting module is still limited
Malwarebytes Anti-Ransomware Beta
Thrifty Users
Bottom Line:
Malwarebytes Anti-Ransomware Beta watches program behavior to thwart any ransomware that gets past your existing antivirus. This lightweight, free utility makes a great addition to your security arsenal.
Pros
- Detects and quarantines ransomware based strictly on behavior.
- Performed well in hands-on testing.
- Lightweight.
- Free.
Cons
- Ransomware may encrypt a few files before detection.
NeuShield Data Sentinel
Best For Ransomware Recovery
Bottom Line:
NeuShield Data Sentinel doesn't attempt ransomware detection, which can fail. Instead, it offers techniques for recovering from ransomware. It performs well in testing.
Pros
- Reverses changes made by file-encrypting ransomware
- Proved effective in hands-on testing
- Blocks actions of disk-encrypting ransomware
- Remote recovery breaks hold of screen-locking ransomware
- Multi-factor authentication available for settings
Cons
- Recovery discards changes made on the current day
- Some low-importance files not recovered
Panda Security Adaptive Defense 360
Best for Rigid security policies
Bottom Line:
As a malware detection and prevention platform, Panda has significantly improved since we last reviewed it. While it could still be vulnerable to fileless attacks and scripts, since they bypass the 100 percent attestation service, this is still a well-designed and thorough protection platform.
Pros
- Well-executed interface
- Easy to configure and deploy
- Near 100% blockage of executable malware
- Excellent detection of known malware
Cons
- Requires several weeks to calibrate to your organization's habits
- Hardening mode tends to be too restrictive
Symantec Endpoint Protection Cloud
Businesses
Bottom Line:
Symantec Endpoint Protection Cloud is an affordably priced and intuitively designed business protection platform. Featuring ease of use and various protection options, it lags behind competitors in anti-phishing and reporting.
Pros
- Superb selection of protection tools for all threat types and attack vectors.
- User-friendly and intuitive controls.
- Excels at mobile device management.
Cons
- Lacking in anti-phishing and reporting capabilities.
Trend Micro Worry-Free Business Security Services
Best for Basic Small Business Protection
Bottom Line:
Trend Micro Worry-Free Business Security Services has a lot to offer in the way of traditional protection, but it lacks features like vulnerability scanning and patch management.
Pros
- Includes enhanced threat analysis and EDR at higher pricing tiers
- Excellent detection capabilities
- Built in Intrusion Prevention Rules
Cons
- No support yet for macOS Monterey
- Lacks patch management
- Slow performance against inactive threats
Avast Business Antivirus Pro Plus
Best for Desktop-Centric Small Businesses
Bottom Line:
Avast Business Antivirus Pro Plus is very easy to use, making it a solid choice for small businesses. But if your needs are a little more advanced, you'll probably miss several features that the competition offers.
Pros
- Excellent threat detection capabilities
- VPN and File Shredder included
- Easy to manage
- Includes basic remote control
Cons
- No mobile device management
- Patch management needs a separate license
- No EDR features
ESET Endpoint Protection Standard
Best for Remote Management
Bottom Line:
ESET has dramatically improved its SaaS offering in both interface and usability. It offers a high level of protection, too, but some lingering UI quirks might make it more challenging to use than some competitors.
Pros
- Much-improved user interface
- Wide variety of detailed reports
- Easy to use remote management
- Plugin-free phishing protection
Cons
- UI can be inconsistent and overly complex
- Expensive, and EDR requires a costly upgrade
- Lackluster detection rates
Heilig Defense RansomOff
Bottom Line:
Whereas most ransomware protection is extremely simple, Heilig Defense RansomOff stands out for its complexity. It does a decent job in testing, but the average user will probably want more streamlined protection.
Pros
- Detected all real-world ransomware samples in testing.
- Includes HIPS-Lite component to detect suspicious activities.
- Can limit file access to authorized programs.
- Can lock out all but whitelisted apps.
- Restores files from just-in-time backup.
Cons
- One ransomware sample encrypted files despite detection.
- HIPS-Lite terminated both malicious and legitimate programs.
- File access protection unnecessarily complex.
- Whitelist feature too complex for many users.
McAfee Endpoint Protection Essential for SMB
Businesses
Bottom Line:
McAfee delivers a well-featured business security product with its Endpoint Protection Essential for SMB platform. However, an excess of configurability will cause added complexity and confusion for some.
Pros
- Good malware and virus protection.
- Unobtrusive to the user.
- Lots of options.
- Excellent reporting capabilities.
Cons
- ePolicy Orchestrator (ePO) is confusing to navigate.
- Too many options for small businesses.
- Poor antiphishing capabilities.
Trend Micro RansomBuster
Thrifty Users
Bottom Line:
It's very good of Trend Micro to make RansomBuster available for free, and its Folder Shield successfully prevents unauthorized changes to your documents. However, the behavior-based detection system needs work.
Pros
- Folder Shield blocks unauthorized access to protected documents.
- Detects encrypting ransomware behavior in any folder.
- Recovers any files that were encrypted before detection.
- Free.
Cons
- Folder Shield limited to two folders.
- In testing, behavior-based detection only caught half of the real-world ransomware samples.
Kaspersky Small Office Security
Businesses
Bottom Line:
Kaspersky Small Office Security did fairly well in our security tests. But while the company sells this as a business solution, we found it lagged noticeably when it came to business features, especially reporting and management.
Pros
- Includes password manager, file encryption, backup, and recovery.
- Pre-configured to protect endpoints.
- Outstanding anti-malware, malicious URL, and anti-phishing protections.
- Simple management console uncluttered by business features.
- Includes ransomware rollback feature.
Cons
- Management console can do little more than see endpoint status and launch scans.
- Lacking policy-based management, reporting, and deployment options that many businesses see as necessary.
Buying Guide: The Best Ransomware Protection for Business for 2020
How to Choose the Right Business
What Is Ransomware?
A ransomware attack is one of the most devastating malware scams that business users can experience. You get locked out of your PC and you see a scary message appear on your screen demanding thousands of dollars worth of, say, Bitcoin (an anonymous form of payment that's kept in a cryptocurrency wallet) to be paid to an anonymous address. These messages usually have a countdown timer, adding a sense of impending doom to an already stressful situation. In the case of small to midsize businesses (SMBs), the data in their computers and systems could constitute viable client information, financial accounts, top-secret patents, and other types of priceless information. Without a decryption key, the only option is to restore your PC from a recent backup, provided you have one. If you pay the ransom fee, then you become another victim of the ransomware scourge that's been plaguing SMBs far and wide.
Ransomware, or cryptoware, is a form of malware that's the cyber equivalent of holding a hostage for cash, except in this case, the hostage is your company's data. You won't notice ransomware when it's first deployed because all it does is silently encrypt your files. But then, once it's encrypted enough of your data, it makes itself known: first by locking you out of your own data with an encryption key only its owner knows, and then with a message stating that it will provide you that key as long as you pay up first. In the meantime, you can't read your data anymore. Unfortunately, even if you pay the ransom, you have no idea if you'll get your data back. After all, the transaction is completely anonymous, and there is nothing to stop the attacker from graciously accepting your payment and then ignoring you. While getting your data back isn't impossible to do without paying the ransom, it's difficult, so it's more likely you'll be digging through your most recent cloud backups by the end of the day.
Some Recent Examples
Probably the most well-known ransomware threat was 2017's WannaCry. Its signature move was to use a back door in Server Message Block (SMB), the Microsoft Windows file sharing protocol. The exploit's name was EternalBlue; it gained quite a bit of notoriety in the public eye since the origin of EternalBlue was the Equation Group, a cyber-espionage group with suspected ties to the US National Security Agency (NSA), if you believe the sources. It would slip in, do its dirty work, and spread to nearby systems that were vulnerable. Fortunately, for a while this stopped being an issue in Windows 8 since the exploit was no longer effective against the way that Windows was handling memory management. Unfortunately, the threat is back again due to some intrepid hackers porting EternalBlue to work with all versions of Windows.
SamSam, another ransomware variant, has also made headlines. The Colorado Department of Transportation (CDOT) said it was hit by SamSam on February 21, 2018. The CDOT said "the breach was not through an email nor the result of employee error, but via a hole in [its] system that was exploited." Unfortunately, even though the CDOT was running up-to-date network security tools, SamSam had evolved enough to slip right past them. This is likely to continue to be the reality for the near future as network security has always been an arms race between the malware writers and network security software developers. What works today may not work tomorrow when it comes to malware removal and protection.
Getting Infected With Ransomware
There are tricky ways that ransomware can get into your system; EternalBlue is just one of them. However, bad actors who gain control of your systems rarely need to use anything that sophisticated. Many times, we inadvertently just give other people access. Social engineering, using human communication as a means of gaining access to information, is always the most effective way of gaining access to and exploiting a company's network. This doesn't have to take the form of a visit or even a phone call, but can remain entirely digital.
A common example is a hacker gaining control of an intermediary's email account, either through hacking their email service or simply gaining access to that user's password. Once the account is under their control, they can send carefully crafted emails to that person's contact database; emails that don't contain clumsy queries for account credentials but instead offer links to infected content. For example, "Check out this video clip, it's hilarious" is a common one. There might even be a video clip at the other end of the link, but part of that video's data will also be the ransomware infection.
A few other risk possibilities include disgruntled employees, official-looking business emails from partners or phantom government agencies, or simply in-person visitors who leave things such as infected CDs or thumb drives behind. While not every case can be prevented, a fair number of problems can be avoided by simply following a few SMB security best practices.
Releasing the Hostages
Depending on the type of ransomware attack, there are various countermeasures you can apply to deal with the situation. But mishandling a ransomware attack can be devastating for any business. Some companies pull the plug on their internet connections and go through the laborious process of re-installing each client PC's operating system (OS), software programs, and data from a secure backup. There's also the option of downloading a tool that addresses a specific ransomware threat to remove it from their systems.
The odds of the right removal tool being easily available to you after a ransomware attack has been triggered aren't good, however. And simply shutting down your business machines and then re-installing everything, including OSes, key business software, and data can be almost as crippling and revenue-damaging as the ransomware you're trying to defeat. Recent backups can still be a critical part of the process, and since the cloud has made this easier than ever, it's something you should certainly make sure your business is doing.
However, the best defense against ransomware isn't reacting to it after it goes off, but rather, working to make sure it doesn't infect you in the first place. That's what the 10 tools reviewed in this roundup all purport to help you do. Even better, many of these contenders don't need to be purchased separately since they're new add-ons to existing endpoint protection products your business is likely already using.
How We Tested
To test these packages and their ransomware protection capabilities, I considered a wide variety of factors. The first was how well the product deals with known threats; this is normally consistent with the best performance. The next aspect I checked was how well the product can detect whether you are entering your information into a phishing website, which is one of the most common ransomware attack vectors. Active attacks rarely occur as an isolated event. Phishing and spear phishing attempts (that is, targeted information gathering) can sometimes appear legitimate. Giving your users the ability to know for sure whether they are giving information to a legitimate source is critical in defending your network.
Next, I checked how resistant the system is to exploits (meaning any technical vulnerabilities that might be used to compromise a system and gain privileged access). I did this in three stages in which each stage adds a layer of encryption or obscurity. Having an elevated level of privilege can grant access to do things such as uninstall the antivirus application, leaving the system completely undefended. With a combination of social engineering and technical means, it's very possible to hide on a system, extricate data, or install ransomware. What is even scarier is that much of this process can be automated and scaled.
Lastly, I checked for ransomware-specific features. In many cases, ransomware protection apps will journal and attempt to detect changes in files that look like ransomware. In most cases, machine learning (ML) is used in this process since there are many apps that encrypt data but most of the time these are not malicious. To test this functionality, I used both KnowBe4's ransomware simulator Ransim and a live copy of WannaCry on an isolated network for safety. I then checked to see how long it would take for the payload to be detected and dealt with. In addition, if any encryption did take place, then I validated whether or not files can be rolled back.
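The journal-and-rollback behavior described above, as an added example that is not from the article or from any reviewed product: a fixed entropy threshold stands in for the ML classifier the text mentions, and the thresholds, the `ChangeJournal` class, the process IDs and the in-memory file store are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_HIGH = 7.5  # assumed threshold in bits/byte; ciphertext sits near 8.0
ENTROPY_JUMP = 2.0  # assumed minimum rise over the content being replaced
ALERT_AFTER = 3     # assumed number of suspicious writes before blocking

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

class ChangeJournal:
    """Journals each file before a process first overwrites it and counts
    overwrites that replace low-entropy content with high-entropy content."""

    def __init__(self, files):
        self.files = files            # path -> bytes, stands in for the disk
        self.backups = {}             # (pid, path) -> content before first write
        self.suspicious = Counter()   # pid -> suspicious overwrite count
        self.blocked = set()

    def write(self, pid, path, new):
        """Apply a write unless pid is blocked; return True if it reached disk."""
        if pid in self.blocked:
            return False
        old = self.files.get(path, b"")
        self.backups.setdefault((pid, path), old)
        self.files[path] = new
        before, after = shannon_entropy(old), shannon_entropy(new)
        if after >= ENTROPY_HIGH and after - before >= ENTROPY_JUMP:
            self.suspicious[pid] += 1
            if self.suspicious[pid] >= ALERT_AFTER:
                self.blocked.add(pid)
                self.rollback(pid)    # undo everything this process changed
        return True

    def rollback(self, pid):
        """Restore every file pid changed; return the restored paths."""
        mine = sorted(path for owner, path in self.backups if owner == pid)
        for path in mine:
            self.files[path] = self.backups.pop((pid, path))
        return mine

def noise(seed, size=4096):
    """Constructed high-entropy bytes standing in for encrypted output."""
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(size // 32))

def demo():
    """Constructed run: pid 100 overwrites five documents, pid 200 edits one."""
    docs = {f"doc{i}.txt": (f"Quarterly report {i}. " * 200).encode() for i in range(5)}
    journal = ChangeJournal(dict(docs))
    applied = [journal.write(100, p, noise(p)) for p in sorted(docs)]
    journal.write(200, "doc0.txt", b"Edited by the user. " * 200)
    return journal, docs, applied
```

The first overwrites reach disk before the threshold trips, which is why the copy taken before each write is what makes the later rollback possible.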
Final Thoughts
Ransomware is a dangerous but largely avoidable thing. By subjecting your network to regular security scans and penetration tests, practicing good security habits, and training your users, you can eliminate most of the methods by which your network can become infected. For the last mile, one of the 10 ransomware protection for business products reviewed in this roundup can help cover your bases.