When Boston was inundated with ransomware attacks in 2016, the local FBI office was at a loss for solutions when business owners called in a panic. The FBI already had their hands full with terrorism investigations and lacked the manpower to track down the culprits.
Federal agents basically told the business owners to give in. Joseph Bonavolonta, a then-assistant special agent in charge at FBI’s cyber and counterintelligence program in Boston, told attendees at a 2015 cybersecurity summit that his office was overwhelmed with ransomware reports. “To be honest, we often advise people just to pay the ransom,” he said at the conference, according to SecurityLedger.com.
After the panic, the FBI approached the commercial industry for help, said Bill Keeler, a spokesman for Cybereason. What, federal agents asked, could the private sector offer for small businesses to avoid ransomware attacks in the future?
The company created RansomFree, a free tool that protects against a wide array of ransomware strains, such as WannaCry, Bad Rabbit and NotPetya. Cybereason’s free product joins a small but growing group of cybersecurity tools that are available for free. (Boston-based Cybereason has since raised at least $188 million in funding, including at least $25 million from defense giant Lockheed Martin.)
Experts say free tools make it possible to bring a basic level of cybersecurity to every computer network. Perhaps more importantly, the new interest in free tools is increasingly important because that kind of comprehensive coverage could make it easier for the U.S.’s cyber warriors to focus on their jobs and not worry about civilian-focused attacks.
Already, this year, Atlanta and Baltimore are reeling from the effects of a ransomware attack that crippled some city services, including Baltimore’s 911 services.
RansomFree was created because of the FBI’s request and out of a desire to make the internet a safer place — not to mention the positive PR boost for its paid product that comes with 750,000 RansomFree downloads — said Israel Barak, chief information security officer at Cybereason. “The sense was that we need to do it out of social responsibility,” he said.
Other free cyber services, according to Tech Radar, include anti-malware tools like Bitdefender Antivirus Free, AVG AntiVirus Free and MalwareBytes. Other companies that offer free versions of their cybersecurity products include Panda Internet Protection and MailWasher.
Free products differ from open-source products because they are released completed, tested and vetted. They are full, complete products that could be sold — but instead, companies give them away. Sometimes, these products are micro-versions of their for-sale product, but in general, they offer a small measure of safety for the private sector that keeps the larger U.S. internet ecosystem safer.
“The hackers are becoming more targeted, they’re more determined. They’re having to put some effort into the campaigns they carry out,” Barak said. Sometimes, he said, that effort requires them to use smaller-scale targets to reel in a big catch — such as the WannaCry ransomware attack, where thousands of IoT devices were used to cripple large American businesses.
Keenan Skelly, vice president of global partnerships and security evangelist at Circadence, said there are many free cybersecurity tools online that are open-source. While open-source tools present their own set of vulnerabilities and strengths, sometimes price tag is the No. 1 factor for small cyber targets.
Skelly said there are many free cybersecurity tools online that are open-source. While open-source tools present their own set of vulnerabilities and strengths, sometimes price tag is the No. 1 factor for small cyber targets.
“It’s sometimes so competitive, and the prices for these things are becoming more and more obscene,” she said. “Sometimes the best option is going to be the one that you can get for free online.”