What is ransomware?
Ransomware is malicious software that blocks access to some of your files or entire system and demands a ransom for unblocking. The software shows you a window informing you that your files are locked and that you have to pay urgently, otherwise you will not be able to access the files anymore. The message may also be disguised as an official statement from authorities, for example, the police. The purpose of the message is to frighten a user and make them pay without asking for help from an IT specialist or the authorities. Moreover, there is no guarantee that you will regain control over your data after paying the ransom.
Your computer can be attacked by ransomware when you visit unsafe websites, open email messages from unknown people, or when you click suspicious links in social networks or instant messages.
Ransomware can block your access to:
You cannot use Windows or do anything on your computer. As a rule, ransomware does not encrypt your data in this case.
Usually, this is your personal data, such as documents, photographs, and videos. Ransomware encrypts the files and demands money for the encryption key, which is the only way to decrypt your files.
Ransomware blocks some of your programs so that you cannot run them. It most often attacks your web browser.
How Acronis True Image 2018 protects your data from ransomware
To protect your computer from ransomware, Acronis True Image 2018 uses the Acronis Active Protection technology. Based on a heuristic approach, this technology monitors processes running on your computer by using the real-time mode. When it detects a third-party process that tries to encrypt your files or inject malicious code into a healthy process, it informs you about it and asks if you want to allow the process to modify your files or block the process. Refer to Protecting your data from ransomware for details.
A heuristic approach is widely used in modern antivirus software as an effective way to protect data from malware. As opposed to the signature-based approach which can detect only one sample, heuristics detects malware families that include samples with similar behavior. One more advantage of this approach is an ability to detect new kinds of malware that do not have a signature yet.
Acronis Active Protection uses behavioral heuristics and analyzes chains of actions done by a program, which is then compared with the chain of events in a database of malicious behavior patterns. Since this method is not precise, it admits so-called false positives, when a trusted program is detected as malware. To eliminate such situations, Acronis Active Protection asks you if you trust the detected process. When the same process is detected for the second time, you can add it to the permission list and set the default action for this process by marking it as trusted or blocked. If you do not, you will be able to blacklist this process. In this case, this process will be blocked every time it tries to modify your files.
To collect as many as possible different patterns, Acronis Active Protection uses Machine Learning. This technology is based on mathematical processing of big data received with telemetry. It is a self-learning approach, because the more data is processed, the more precisely a process may be detected as ransomware or not.
In addition to your files, Acronis Active Protection protects the Acronis True Image application files, your backups, archives, and Master Boot Record of your hard drive.