It's true that businesses are often targeted for ransomware campaigns because they generally have more valuable data and a greater ability to pay the ransom. The precursor to a ransomware infection in those cases would be something like a "spear phishing" campaign, i.e. a fraudulent email that seems more credible because it mimics an email that the employees of that specific company would expect -- hence "spear phishing" rather than the more generic phishing emails.
However, there are plenty of ways that regular home users can get infected. Major ad networks that fill ad space on websites all over the Internet, for example, have found themselves unwitting distributors of malware/ransomware, causing people to get infected simply by visiting perfectly legitimate and trusted sites.
And yes, once a particular PC gets infected, it is very possible for it to infect other PCs on the same network. There are countless cases of a single employee clicking a bad link in an email while at work and causing dozens of other PCs to get infected because the malware package actively sought out other targets and knew how to exploit some Windows vulnerability that hadn't yet been patched on those systems.
As for McAfee vs. MIG [Macrium Image Guardian], I haven't looked into McAfee's ransomware protection/claims in particular, partly because I personally believe that running third-party AV in 2017 is a mistake for a variety of reasons, including interference with legitimate activity and the fact that there have been occasions where poorly written AV code has created a vulnerability on the system that wouldn't have existed otherwise. However, since a similar question was asked in another thread recently, I'll post here what I wrote there:
One of the benefits of MIG's anti-ransomware design compared to other technologies like Malwarebytes [or McAfee] or the new Controlled Folder Access feature in Win10 1709 is that the latter options employ a "black list" approach. Basically, they use definition files to identify and block known malicious applications and heuristics to attempt to identify and block unknown applications that seem malicious -- but they otherwise default to allowing activity. That design keeps them from being so obtrusive that users are driven to disable them, but it also means they can fail to block certain malware (and also interfere with legitimate applications such as Reflect!). MIG takes the opposite and much more hard-line approach, called a "white list". It operates on the premise that Macrium's applications are trusted, and everything else is categorically not trusted. That obviously makes it less flexible (for example, even users can't just delete backup files the "normal" way in Windows Explorer while it's enabled), which is why the white list design is typically considered impractical for solutions that are designed to protect multiple file types that might need to be edited by multiple applications -- but MIG is only focused on Reflect's backup files, and those are typically only modified by Macrium applications, so it can "afford" to use this design, and as a result it is both simpler and more secure than the other solutions' black list-based designs can ever be.
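The two designs contrasted in the post above, as an added example that is not part of the original post and does not reflect how MIG or any of the named products is implemented. All process names, the `.bkimg` extension and the `heuristic_flag` field are constructed assumptions; the events cover the cases the post mentions (unknown malware, a manual delete in Explorer, interference with a legitimate backup tool, and files outside the protected type).

```python
from dataclasses import dataclass

# Every name here is constructed for illustration; none is a real signature,
# product identifier or file extension of the products named in the post.
KNOWN_BAD = {"cryptolock_v1.exe"}          # stand-in for a definition file
TRUSTED_BACKUP_APPS = {"backup_tool.exe"}  # stand-in for the vendor's own apps
PROTECTED_EXT = ".bkimg"                   # stand-in for the backup file type


@dataclass(frozen=True)
class WriteAttempt:
    process: str
    path: str
    heuristic_flag: bool = False  # verdict of a (fallible) heuristic engine


def blacklist_allows(ev: WriteAttempt) -> bool:
    """Default-allow: refuse only known-bad or heuristically flagged processes."""
    return not (ev.process in KNOWN_BAD or ev.heuristic_flag)


def whitelist_allows(ev: WriteAttempt) -> bool:
    """Default-deny, scoped to the protected file type only."""
    if not ev.path.lower().endswith(PROTECTED_EXT):
        return True  # out of scope: the policy ignores every other file type
    return ev.process in TRUSTED_BACKUP_APPS


# Constructed events: (attempt, what it represents)
EVENTS = [
    (WriteAttempt("backup_tool.exe", r"D:\backups\full.bkimg"), "normal backup run"),
    (WriteAttempt("cryptolock_v1.exe", r"D:\backups\full.bkimg"), "known ransomware"),
    (WriteAttempt("new_variant.exe", r"D:\backups\full.bkimg"), "unknown ransomware"),
    (WriteAttempt("explorer.exe", r"D:\backups\full.bkimg"), "user deletes in Explorer"),
    (WriteAttempt("backup_tool.exe", r"D:\backups\full.bkimg", True), "heuristic false positive"),
    (WriteAttempt("winword.exe", r"C:\docs\report.docx"), "ordinary document edit"),
]


def compare(events=EVENTS):
    """Return {label: (blacklist_verdict, whitelist_verdict)} for each event."""
    return {label: (blacklist_allows(ev), whitelist_allows(ev)) for ev, label in events}


if __name__ == "__main__":
    for label, (bl, wl) in compare().items():
        print(f"{label:26} blacklist={'allow' if bl else 'deny':5} whitelist={'allow' if wl else 'deny'}")
```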