Kaspersky Lab today unveils an intelligent new technology to help organisations better protect themselves against ransomware and cryptoware.
The company’s new ‘Anti-Cryptor’ technology was announced as a key component of the updated Kaspersky Security for Windows Server application that is included within its endpoint security for business range*, as well as within its targeted solutions specifically for file servers and security storage.
Together with Kaspersky’s Application Startup Control technology, the new feature promises to help businesses defend their electronic assets from the scourge of cryptoware – such as the recent ‘Locky’ malware – which is fast spreading across the globe and holding businesses of all sizes to ransom.
Having last year partnered with the Dutch National High Tech Crime Unit to successfully launch a decryptor service for ransomware victims seeking to recover their encrypted files, Kaspersky Lab has taken the next step, releasing intelligent preventative technology to stop infected machines from remotely accessing assets on the company network.
“Ransomware is a big issue in the business world. Today, many cybercriminals are using it to earn so-called ‘fast money’, because it’s easy to implement and commit a cybercrime like this. No business wants to lose its sensitive data. Kirill Slavin, General Manager at Kaspersky Lab UK goes on to say: “So many victims end up paying for their data to be decrypted straight away. But cybercriminals don’t always stick to their side of the bargain and decrypt the data after payment. To combat this, a comprehensive approach to security is essential for businesses, as a single infected file anywhere in a corporate network can spread rapidly, causing untold damage across the whole network.”
Cryptomalware, for example, can infiltrate and encrypt an entire network - including its backups - within minutes. This can bring entire business operations to a halt, leaving it without the ability to restore its critical data.
Appropriate dedicated server security helps to protect critical corporate data and eliminate the danger of malware penetrating the backup copies of files. Kaspersky Lab has updated its security application for servers; using all of its researchers’ expertise and intelligence to provide customers with reliable security against the latest malware threats. The solution’s new features make the security of corporate servers even more flexible and easy to manage.
Additionally, the solution identifies and scans critical areas of a business’ corporate servers for malware, helping to strengthen those areas of the operating system that are most exposed to infection. For example, scanning Autorun files can help prevent malware from launching during system startup and can detect any hidden processes.
To help protect businesses from unknown and advanced threats, Kaspersky Security for Windows Server includes Application Startup Control. This provides customers with further security, using configured rules to allow or block the startup of executable files, scripts and installation packages, or the loading of program modules onto servers.
The solution, which leverages the new Anti-Cryptor technology, is unparalleled on the market. It’s based on a patented Kaspersky Lab algorithm that uses behaviour analysis to detect and protect shared folders from encryption activity – preventing a business from being locked out of its own files and being forced to pay a ransom for their ‘release’.
Another technology employed by the solution is its malicious host blocker. If any malicious activity is detected through Real Time File Protection or Anti-Cryptor activities, access to shared network folders is immediately restricted to a secure server, protecting files from damage by any malicious third parties.
Kaspersky Lab principal security researcher, David Emm said: “Ransomware itself has gained significant momentum in recent years and continues to threaten many organisations, as well as individuals. In 2015, 753,684 ransomware attacks were blocked on computers belonging to Kaspersky Lab customers; 179,209 of which were cryptors.
For most victims, resigning themselves to coughing up the demanded ransom is the only solution that can recuperate their files. However, this spurs cybercriminals into continuing and advancing their attacks. Victims often don't even think about liaising with law enforcement agencies, favouring the supposedly easier method of getting their files returned to them by paying the ransom. This means it is much more difficult for security organisations to collect useful data that can combat these attacks. That’s why it’s important that businesses use appropriate security solutions such asKaspersky Endpoint Security for Business, instead of leaving themselves exposed to this unfair game and being held to ransom.”
Kaspersky Security for Windows Server technology is developed specifically for high performance corporate servers, providing cost-effective, reliable, scalable security for shared file storage, with minimal impact on resources. It is available as a part of Kaspersky Security for File Server, Kaspersky Endpoint Security for Business*, and Kaspersky Security for Storage.
*Select (excluding application control), Advanced and Total Security for Business