WithSecure’s Activity Monitor technology rolls back changes to data caused by malware. Ransomware attacks have plagued organisations for the past several years, inflicting considerable financial losses. To help organisations manage ransomware and other threats, WithSecure (formerly known as F-Secure Business) has developed a new technology that can essentially undo the damage that malware can cause.
The technology was developed to make the capabilities of a sandbox more accessible. Sandboxes are isolated test environments that run unknown code to see how it impacts a system or data. Because sandboxes run code in isolation, they can execute unknown code safely to determine whether it is safe or harmful. Instead of running code in an isolated environment, Activity Monitor creates selective backups of the system and data, and then allows the code to run on the system while monitoring the session. If Activity Monitor detects changes that could be harmful, it blocks the processes and uses the backups to restore the session to the state it was in before the malicious code ran.
The WithSecure technology provides a new tool to combat ransomware infections, which some sources suggest cost organisations around the globe almost R400 billion by 2021. Most ransomware encrypts the victim's data, and then provides decryption keys in exchange for a ransom. Activity Monitor is built to detect these types of changes and, upon detecting the encryption processes, halts them and restores data to its unencrypted state. While rolling back ransomware infections is an obvious example of its value, the technology will provide many additional benefits to organisations.
The technology’s first implementation in a solution, Server Share Protection, is now available as part of WithSecure Elements Endpoint Protection for Servers. More information is available at the Cybervision website; for further details, please contact darreth@cybervision.co.za.