Ransomware is a malicious program that infiltrates your PC, usually through a link in an email or an infected website. The program then encrypts all the files it can access on your PC and across the network, and writes the decryption key to a hosted server. It then prompts the user to pay a “ransom” to regain access to the files. There is no way to simply “fix” these types of attacks: the encryption process is a valid procedure used in a malicious way. Without the decryption key, a viable backup, or a rollback feature, you cannot restore your files.
Our new Endpoint Detect and Response platform helps protect users against ransomware attacks in two ways. The first is by attempting to stop the infection from happening in the first place. The platform uses file and process behavior, not simply a static comparison file, to spot malicious activity even if it hasn’t seen the file names or processes before. The second is a rollback function. The platform uses the shadow copy process built in to the PC to track every file change made and creates “stories” whenever a change occurs. If file A changes file G and then file G changes file Y, it creates the story A-G-Y. Even if the platform doesn’t believe this activity was originally malicious, it can always roll back the story to the original versions of just files A, G and Y, without having to restore files A-Z using a backup or full system restoration. This process mitigates downtime and allows previously unknown threats to be remediated, which is something traditional anti-virus cannot accomplish.
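A toy model of the “story” idea described above, added here as an illustration and not the platform's own code: it records which file changed which, keeps the first pre-change version of each file, and rolls back only the files in one story. The class `StoryTracker`, its method names and the sample file contents are constructed assumptions, and in-memory snapshots stand in for shadow copies.

```python
from collections import defaultdict

class StoryTracker:
    """Hypothetical tracker: change edges plus first pre-change snapshots."""

    def __init__(self, files):
        self.files = dict(files)        # current contents, name -> bytes
        self.originals = {}             # name -> contents before first change
        self.edges = defaultdict(list)  # actor -> files it modified

    def record_change(self, actor, target, new_content):
        # Keep only the first snapshot so rollback returns the original version.
        self.originals.setdefault(target, self.files.get(target))
        self.edges[actor].append(target)
        self.files[target] = new_content

    def story(self, root):
        """Files causally linked to root, in discovery order."""
        seen, stack = [], [root]
        while stack:
            node = stack.pop()
            if node in seen:
                continue
            seen.append(node)
            stack.extend(reversed(self.edges.get(node, [])))
        return seen

    def rollback(self, root):
        """Restore only the files in root's story; return the names restored."""
        restored = []
        for name in self.story(root):
            if name in self.originals:
                original = self.originals.pop(name)
                if original is None:
                    self.files.pop(name, None)  # file was created by the story
                else:
                    self.files[name] = original
                restored.append(name)
            self.edges.pop(name, None)
        return restored

def demo():
    # Constructed sample: A changes G, G changes Y; B changing C is unrelated.
    t = StoryTracker({"A": b"a0", "G": b"g0", "Y": b"y0", "C": b"c0"})
    t.record_change("A", "G", b"g-encrypted")
    t.record_change("G", "Y", b"y-encrypted")
    t.record_change("B", "C", b"c1")
    chain = t.story("A")
    return chain, t.rollback("A"), t.files

if __name__ == "__main__":
    print(demo())
```

In this sample A itself was never modified, so only G and Y are restored, and the unrelated change to C is left in place.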