Hi! On Sunday, Feb 24, 2019, I helped a friend transfer data to a new PC and discovered a number of his files had been encrypted. Apparently, back in 2015, his system was hit by the "CTB-Locker" ransomware. He and his wife simply didn't notice the documents, photos, and music files CTB-Locker encrypted were no longer available. I also found the ransom files CTB-Locker left behind, with instructions on paying the ransom, etc. Back in 2011, I helped him purchase a MBAM license and I made sure to activate that license on his new PC. He has the latest version of MBAM running on his new Windows 10-based system.
In any event, I assume MBAM protects against CTB-Locker, by now, but my question is: when did MBAM start detecting and/or protecting against CTB-Locker? By virtue of his having a MBAM license, I don't assume MBAM was actually running or had the real-time protection enabled, etc, but I'm going to make sure *he* knows how to make sure MBAM is providing the appropriate protection. I have no clue how his system got hit, in the first place. I assume someone downloaded or ran something that resulted in the infection.
Thanks in advance?