The Ransomware is a category of malware which makes the data of the infected systems inaccessible and which demands for a ransom to restore them.
Usually the data are taken as hostage from an encryption algorithm and instead of your desktop a message appears which invites you to pay the ransom in order to have the password to decrypt all your data… however not always paying can solve the problem!
The infection vectors are several and many are the prevention activities that it is possible to take.
However the data confirm that this phenomenon is constantly growing and that sometimes has such huge effect that can affect the survival of the infected companies.
In fact today the 60% of the company have suffered from a Ransomware attack.
The Ransomware attack can cost on average to a company 301$ for each employee and 440$ for each end point.
For Windows systems, Skybackbone has developed eMalware service which is able to block any non authorised encryption process from the beginning.
eMalware constantly observs the models which edit the data file on the system and it compares those with the harmful one already seen.
This approach results to be extremely effective to identify Ransomware attack, also in the case of new Ransomware attack.
It is possible to create whitelist, that is a list of allowed programs with the related action to be executed, to avoid that allowed action are marked as unauthorised by mistake.
Moreover, the Main Start Record is monitored in order to avoid unapproved changes that can inhibit the correct start of your systems.
If a Ransomware attack start encrypting your file, eMalware immediately finds it and kills the process. Also if some data were encrypted before the interruption of the process it is possible to restore them from the service cache or if the client as a backup solution of Skybackbone, from any point.