Acronis Active Protection

Secure Backup

As we already reported, a new ransomware outbreak occurred in Europe on October 24. It hit some companies in Russia, Ukraine, Germany and the U.S., preventing full operations for some companies even after two days. Bad Rabbit has numerous advanced features such as propagating over local networks, but most notably it’s actually attacking backup files.

Bad Rabbit Ransomware

On Tuesday, October 24, 2017, a new ransomware sample called Bad Rabbit hit Russia, Ukraine, Turkey, Germany, Bulgaria, USA, and Japan. Russia and Ukraine were hit the most as the infection started through some hacked Russian news websites. Russian media agencies Interfax and Fontanka, as well as transportation organizations in Ukraine including the Odessa airport, Kiev's subway and the country's Ministry of Infrastructure were among the first to catch the infection.

CCleaner Malware

Users of CCleaner for Windows, a maintenance and file clean-up tool developed by Avast Piriform, are being told to update their software immediately, since it’s been discovered that hackers had installed a backdoor in the official application that would allow additional malware to be added to the infected system.

The ability of cybercriminals to access user systems by adding malware into official software builds of trusted vendors is a major red flag. Protecting your data just got even more critical, so here’s what you need to know.

Backup with Ransomware Protection

Since launching Acronis Active Protection, we’re frequently asked why we developed an artificial intelligence-based technology to combat ransomware. And since announcing that it will be part of all editions of Acronis True Image 2018, we’ve heard the question more frequently.

So here’s a look at why Acronis is investing time and money to create a cutting-edge ransomware protection technology and how our AI and machine learning solution fights this ever-growing digital threat.

Serpent ransomware

Serpent is the 4th generation of the malware originally known as Zyklon. First, it became WildFire, then Hades Locker, and now, Serpent. This type of ransomware typically spreads through spear phishing emails containing a link to download the cryptolocker.

Spora ransomware

Spora ransomware has been active since the beginning of this year. Typically, it is distributed through spear phishing and watering hole attacks, but the recently discovered variant spreads through the HoeflerText pop-ups on infected websites in EITest campaigns.

Even though Spora ransomware is not new, the latest modification was blocked by only a limited number of anti-malware programs when it was first discovered. This could be because the new build uses a polymorphic encryptor to create new copies of itself for further spreading and extra code obfuscation. It also has a slightly changed payload.

Fight Ransomware

Whenever there’s a large-scale ransomware attack like WannaCry and EternalPetya, the number of infected computers reported by the media can be overwhelming. It’s easy to forget there are thousands of individuals who need to rebuild their digital lives in the aftermath.

But hearing customers talk about how Acronis saved their data is a great reminder that our solutions help real people every day. Take yesterday’s email titled “How Acronis True Image 2017 NG proved to be a lifeguard.

Cerber Ransomware

The well-known Cerber ransomware continues to be active this summer. The size of the cryptolocker varies between 244 and 292 Kbytes, with the new builds spreading via spear phishing email campaigns targeting enterprises. The latest Cerber ransomware easily bypasses traditional defenses. The analyzed Cerber sample (MD5: cfd2d6f189b04d42618007fc9c540352) was only detected as a suspicious malicious object by nine out of 64 antiviruses on the first submission to VirusTotal. The low detection rate can be explained by the fact that the cryptolocker uses a polymorphic encryptor and API call obfuscation to protect its copies from being detected by antiviruses.

Protect from Industroyer

If you are interested in cybersecurity, you may remember Stuxnet, an infamous worm which stopped uranium enrichment plants in Iran back in 2010. It’s no longer a secret that it was an Israeli-American cyberweapon. Since then, there have been a lot of cases where critical infrastructure was attacked without any political motivation. One recent case is Industroyer, a mix of cyber weapon and ransomware-like products. We were contacted by our big OEM partners running process control systems who asked about this threat, wondering if our newest anti-ransomware technology, namely Acronis Active Protection™, could help. And guess what? Acronis Active Protection does help!

Ransomware protection

The WannaCry attack in May highlighted the threat that ransomware poses to computer users around the world. Yet months before it happened, Acronis introduced a technology that kept countless customers safe during the historic attack.

As part of Acronis True Image 2017 New Generation, Acronis Active Protection™ protects your data against the threat of ransomware by identifying, isolating and defeating malicious code based on behavior patterns before it has a chance to cripple your computer.