Anti-Ransomware Protection (Canary Files)
The Cybereason platform’s Anti-Ransomware protection uses behavioral and proprietary detection techniques to identify previously unknown strains of ransomware. Anti-Ransomware inspects files and processes suspected to be ransomware and evaluates whether these files and processes are attempting to execute ransomware.
The Cybereason platform also contains Predictive ransomware protection. This new type of ransomware protection identifies typical ransomware behavior using a multi-layered detection mechanism. For more details, see Predictive Ransomware Protection.
The Cybereason platform offers Anti-Ransomware protection in addition to the Cybereason platform’s NGAV modules, which include signature-based detection, Artificial Intelligence analysis, Behavioral document protection, Fileless protection, and more.
Note
Anti-Ransomware is disabled by default. To enable this feature, set the Anti-Ransomware mode to **On**.
The Cybereason platform addresses ransomware based on how you configure the Anti-Ransomware feature:
As soon as Anti-Ransomware detects a malicious process, the platform can automatically suspend the process and generate a MalOp. The Malop details show whether the ransomware affected any user files, and how many user files the ransomware affected. In this scenario, Ransomware protection automatically suspends or prevents the process for every endpoint that detects the ransomware behavior.
You can then perform additional remediation actions. If you enabled Application Control, and marked the process for prevention from the Malop details screen or the Investigation screen, the Cybereason platform sends the hash of the ransomware to all endpoints across your installation and prevents the ransomware from executing.
Note
To protect the integrity of your operating system, if a ransomware attack is running from an operating system file, only the offending process is suspended.
Watch this video to learn more about Anti-Ransomware.
Topics: