Most anti-malware solutions are not ready for the next generation of ransomware attacks according to a new report from NioGuard Security Lab, an independent testing laboratory.
You may remember an article about RanSim — a nice tool from a company employing Kevin Mitnick. RanSim lets you find out if your machine is capable of withstanding ransomware threats by emulating 10 different attack scenarios. However, many anti-ransomware solutions are not compatible with RamSim — they either block its installation or delete crucial files needed for testing, obviously suspecting something in them. If you allow these files by adjusting the settings (as recommended by RanSim developers), then the antivirus functionality may not work as designed. It’s a design flaw in itself, because inexperienced software users may allow dangerous files and unknowingly expose their computers to cyberattacks.
So, we asked an independent testing laboratory — NioGuard Security Lab — to run a series of tests on various anti-ransomware solutions to emulate different types of ransomware attacks. The goal of the test was to help users understand which solutions are capable of blocking the attacks. Acronis True Image with Active Protection technology enabled was also to be tested. The tests would also examine the functionality of a behavioral detection and complex AI heuristics where present. Only this kind of technology delivers protection against zero-day threats, including ransomware.
NioGuard used a Python script to simulate 18 scenarios to emulate famous ransomware behavior including that of Locky, Thor, Nemucod, VaultCrypt as well as atomic functions used by cryptolockers. It was somewhat similar to RanSim, but because it used Python, a programming language allowed by all AV solutions, there was no need to make exceptions in settings or allow anything unusual that would complicate the test. The test was also designed to expose product weaknesses if the detection algorithms was only based on simple whitelisting to identify malicious processes.
The results, which you can check along with the detailed methodology here, were quite alarming: out of 22 anti-malware products that were tested, 50 percent failed by showing very limited ransomware blocking capabilities! Out of 11 other products, the best result was six blocked attacks out of 15 that should have been blocked!
Acronis Active Protection, which is part of Acronis True Image and is currently being deployed into Acronis Backup 12, performed much better: 11 out of 15 malicious attacks were successfully identified and blocked.
Do not forget, that we are continuously improving our Active Protection technology and deliver updates to True Image and other products regularly. We have big plans to cover all the threats in this simulator in the next release scheduled to be available later in the year.
FULL REPORT: Ransomware Protection Test
READ MORE:
- What is Ransomware?
- INDEPENDENT TEST: Acronis True Image 2017 New Generation Outperforms Competitors in Self-Protection Against Ransomware
- Who has the Best Backup? Independent IT Security Research Company MRG Effitas Analysed Eight Popular Backup Solutions
- Acronis True Image — A Powerful Combination of Speed and Ransomware Protection
About Acronis
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.