K7’s ransomware protection received a perfect score in a recent test conducted by Neil J. Rubenking, the Lead Analyst for Security at PCMag. Anti-ransomware tests are not unusual as all credible cybersecurity evaluation agencies will test cybersecurity solutions against ransomware. Nor is it unusual for K7 to receive a perfect score in ransomware protection, as K7 was one of the first to develop anti-ransomware technology and we even shared the methodology with other cybersecurity developers to help protect the world against ransomware.
It is the type of test that is unusual: while other tests are conducted with all security features activated, this security analyst turned off all protective layers except behaviour-based protection and then launched multiple real-world ransomware attacks, and K7 successfully defended against all of them. We will examine why this matters, but we must first explain how ransomware works and the challenges faced in ransomware protection to understand the significance of this test.
How Ransomware Works
Ransomware is a form of malware that prevents access to data on the infected device by encrypting the data and demanding a ransom, usually in cryptocurrency, for a decryption key. This type of attack is highly effective as most organisations will come to a standstill if they cannot access their data, even if the data is purely administrative data. Ransomware, as an extortion model, works even if the impacted data is of no value to anyone else; as long as the victim organisation (or individual) values the data, the ransom might be paid.
Conventional Signature-based Ransomware Protection
Cybersecurity companies usually gather threat samples, analyse them, develop signatures to identify the ransomware, and distribute these signatures as definition updates to their software installed on their customers’ devices. While this method is effective, it may struggle to detect some malware.
Unknown/Zero-day Malware
K7 estimates that 200 new ransomware variants are created every day, and it is inevitable that some users will be the first to encounter unknown/zero-day ransomware. If their cybersecurity solution depends entirely on signature-based detection, such users may be adversely impacted when their devices are infected in the interval between the distribution of ransomware by threat actors and the distribution of signature definitions by threat defenders.
Obfuscated Malware
Threat actors are aware that signature-based detection is used to detect their malware and therefore attempt to evade cybersecurity solutions by disguising their ransomware. If the obfuscation is effective, the ransomware attack may succeed even if the cybersecurity solution is armed with a signature definition for that ransomware variant.
K7’s Behaviour-based Ransomware Protection
K7 has developed behaviour-based ransomware protection to overcome the limitations of signature-based protection. K7’s behaviour-based protection uses AI to monitor and analyse the behaviour of potentially suspicious processes, especially those that try to modify specific file types, along with the frequency of such attempts. To stop malicious encryption, K7 also examines sudden increases in the file entropy (randomness of content) of unrecognised file types such as free-flowing text files, as unencrypted files usually have more uniformity than encrypted files.
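A minimal sketch of the two signals described above, an entropy jump on write and the frequency of such writes per process, added here as an illustration; it is not K7's implementation. The thresholds, the `WriteMonitor` class, the process IDs and the sample data are all assumptions constructed for the example.

```python
import hashlib
import math
from collections import defaultdict, deque

# Illustrative thresholds (assumptions, not K7's values).
HIGH_ENTROPY = 7.5      # bits per byte; ciphertext sits close to 8.0
ENTROPY_JUMP = 2.0      # minimum rise over the file's previous content
WINDOW_SECONDS = 10     # sliding window for counting suspicious writes
MAX_SUSPICIOUS = 3      # suspicious writes in the window that trigger a flag

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

class WriteMonitor:
    """Hypothetical per-process tracker of high-entropy overwrites."""
    def __init__(self):
        self.recent = defaultdict(deque)  # pid -> timestamps of suspicious writes

    def observe(self, pid: int, ts: float, before: bytes, after: bytes) -> bool:
        """Record one file write; return True if the process should be flagged."""
        h_after = shannon_entropy(after)
        if h_after < HIGH_ENTROPY or h_after - shannon_entropy(before) < ENTROPY_JUMP:
            return False  # ordinary edit: content is still structured
        q = self.recent[pid]
        q.append(ts)
        while ts - q[0] > WINDOW_SECONDS:
            q.popleft()  # forget suspicious writes outside the window
        return len(q) >= MAX_SUSPICIOUS

def pseudo_ciphertext(n: int) -> bytes:
    """Constructed stand-in for encrypted output: a SHA-256 counter stream."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def demo():
    doc = b"Quarterly invoice totals for the finance team, draft 3.\n" * 80  # constructed
    enc = pseudo_ciphertext(len(doc))
    mon = WriteMonitor()
    editor = [mon.observe(100, t, doc, doc + b"one more line\n") for t in range(5)]
    archiver = mon.observe(200, 0, doc, enc)  # a single high-entropy write
    bulk = [mon.observe(300, t, doc, enc) for t in (0, 1, 2)]  # rapid overwrites
    return editor, archiver, bulk
```

Combining the entropy jump with a frequency threshold means a single high-entropy write, such as a compressed archive or a legitimately encrypted file, does not flag the process on its own.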
K7’s behaviour-based detection and analysis protects against different ransomware approaches:
- Standalone – Ransomware that directly encrypts files is detected and deleted when it attempts to begin encryption
- Injection – Malware that attempts to encrypt device files by injecting itself into a system process is detected and the injected system process is killed
- MBR Compromise – Heuristic detection is used to detect and block ransomware that attempts to encrypt the Master Boot Record
By analysing behaviour, K7 does not solely depend on prior identification of ransomware and can identify unknown/zero-day/obfuscated ransomware on first encounter.
The effectiveness of behaviour-based protection is key to developing a comprehensive and reliable ransomware defence, which is why the test mentioned at the beginning of this blog is significant.
Why K7’s Perfect Anti-Ransomware Score Matters
By turning off all protective layers except behaviour-based protection, which disabled signature-based protection, and then launching multiple real-world ransomware attacks, the security analyst was able to simulate unknown/zero-day/obfuscated ransomware attacks. K7 successfully defended against all the ransomware samples with only its behaviour-based protection. The analyst’s verdict stated:
“The antivirus pulled off a perfect score in my ransomware protection test. For this test, I turned off all protective layers except behavior-based protection and tried to launch a dozen real-world ransomware attacks. K7 fended them all off, with no damage to the test system.”
The perfect score indicates that all users protected by K7’s cybersecurity solutions enjoy complete peace of mind against ransomware as they do not need to worry about an attack even if they are the very first in the world to encounter that form of ransomware.
Additionally, K7’s anti-ransomware technology is capable of distinguishing legitimate encryption from ransomware, i.e., encryption used by the enterprise to protect its data is allowed, but ransomware’s malicious encryption is identified and blocked.
K7’s enterprise cybersecurity solutions help businesses defend their operations against the latest cyberthreats and maintain compliance with relevant regulations.