New means of protection against ransomware

Ransomware attacks are becoming bigger, more frequent – and more frighteningly inventive.

Tracing the history and development of such malicious software shows malware authors are very resourceful and technologically savvy. At the same time, however, there are new means of protection:

 

  1. In early 2018, Acronis (https://www.acronis.com/ru-ru/company/) announced the release of a free product, Ransomware Protection, designed to protect against malicious software. It blocks access to data and prevents an attacker from requiring payment of ransom before returning access to valuable information.

Acronis Ransomware Protection is based on Active Protection technology, which detects atypical behavior of applications when accessing files and neutralizes ransomware attacks. In order to detect anomalies in system processes, heuristic mechanisms are used along with additional functions, including machine learning technologies and artificial intelligence based on neural networks.

 

  1. SandBlast Agent Anti-Ransomware automatically detects, blocks and removes the most dangerous malware – ransomware. Modern ransomware is almost impossible to disinfect on the basis of anti-virus (signature) protection, because new modifications of malware appear faster than they are added to the signature databases.

 

With SandBlast Agent Anti-Ransomware, any files that have been encrypted are easily and quickly recovered from a backup.

 

SandBlast Agent Anti-Ransomware uses advanced algorithms to detect and block encryption attacks. It does not use signature databases. Instead, several levels of protection are used:

 

– Analysis of cryptographer behavior;

– Detection of illegal data encryption;

– Automatic creation of an analytical report and placement of a cryptographer in quarantine;

– Data recovery.

 

  1. Cisco Talos has developed a solution that protects against extortion programs on several levels. The results of threat studies are used to improve the effectiveness of protection.

 

Umbrella Roaming is a cloud-based security service for the Cisco Next-Generation Firewall. It protects your employees, even if they connect to the network without using a VPN. No additional agents are required. It is enough to enable Umbrella support in the Cisco AnyConnect client. As a result, you get reliable protection against malicious programs, phishing and callbacks on the control line, regardless of how users connect to the network.

 

  1. Trend Micro RansomBuster is a standalone security program for Windows devices that protects your data from various types of cryptographers. The tool can be used in conjunction with your main antivirus. The program monitors the protected folders in the background and notifies the user if an unknown program tries to access objects. The notification indicates the name of the program and offers options for blocking or granting access to the program.
  2. Cybereason RansomFree is a free tool for protecting Windows computers, network and shared disks from encryption. It uses behavioral analysis to detect trojans and extortionists and does not require updating of signatures. The software puts the bait files on your computer and sits in the background to track the behavior of potential attacks.

 

Extortion programs can penetrate the system in various ways. Companies need to use a multi-level security system to reduce the risk of infection. First of all, it is necessary to develop a combination of software: antivirus, a comprehensive backup solution and protection against unauthorized access to files. In addition, you should have a complete backup solution that includes cloud storage, as this can be the only way to ensure that your files are restored after a ransomware attack if protection against viruses and ransomware fails.