Acronis Active Protection 2.0

Next level of new generation anti-ransomware technology

Acronis Active Protection is an advanced anti-ransomware technology. It actively protects all of the data on your systems – documents, data of all types, and your Acronis backup files. It is available for Windows and Mac OS X operating systems and protects your data from recent ransomware like Petya, WannaCry, Locky and Osiris.

Pattern detection

Acronis Active Protection constantly observes patterns in how data files are being changed on a system. One set of behaviours may be typical and expected. Another set of behaviours may signal a suspect process taking hostile action against files. The Acronis approach looks at these actions and compares them to with malicious behaviour patterns. This approach can be exceptionally powerful in identifying ransomware attacks, even from ransomware variants that are as-yet unreported. In this new version of Acronis Active Protection we added additional behavioural heuristics to make ransomware detection even better.

New level of anti-ransomware defense
via Machine Learning

We invested heavily into new dedicated Machine Learning infrastructure which is used for telemetry and big data processing. What kind of data you may ask? First step, is a stack trace analysis. It is possible to detect code injections (done by nasty ransomware) using process stack trace analysis based on machine learning approach. Big data to study and analyse in our case is process stack trace dumps/frames which will be an input data for Acronis Machine Learning module and the output will be verdict – clean or infected. This approach brings active, on-execution protection on a new level, especially when we talk about new, 0-day threats. It doesn’t require any signatures of any kind but rather it creates a model of what is right and what is wrong, so even bad guys will find a new vulnerability or approach to infiltrate the system they hardly can pass this clean behaviour check done thanks to Machine Learning models.

Protects from most sophisticated threats

Acronis Active Protection is capable of detecting very sophisticated ransomware threats which make injects into legitimate signed processes in order to hide themselves in the system. New Active Protection 2.0 successfully detects these attacks via heuristics and Machine Learning. We also use special mathematical approaches to calculate file entropy, so we can understand that file was changed even if the header is the same. A lot of basic anti-ransomware solution act based on file headers.
One way that criminals could choose to compromise files would be to attack the backup software itself to corrupt the backup files it creates. To protect against this, Acronis has implemented a robust self-defense mechanism that won’t let criminals disrupt the work of the Acronis application or backup file content. Additionally, Acronis Active Protection monitors the Master Boot Record of Windows-based computers. It won't let any illegitimate changes to be made to prevent you from being able to properly boot your computer.

Actual recovery of ransomed files

If ransomware begins to encrypt files, Acronis quickly detects and halts this process. Because Acronis is a backup solution, any data that was exposed and encrypted before the process was halted can be recovered from a variety of backup sources. Not only can’t alternative anti-ransomware solutions commonly end an attack once it has started, they have no way to recover any files encrypted by the attack. Acronis Active Protection detects and deflects attacks, and restores files of any size!

Protection from future threats

The methodologies in Acronis Active Protection detect and deflect attacks, and restore in advanced ways. These protection approaches not only stay ahead of the criminals, but they are more innovative and advanced than any other anti-ransomware methodology available.

The solution addresses:

  • Attackers that try to infect or compromise local or cloud backups
  • Attacks that are smaller and harder to notice, for example changing only a small part of a document or photo deep in your hard drive
  • Attackers coming up with creative new ways to attempt to surreptitiously change your files without your knowledge Last but not least, technology superiority was proven by a number of independent testing organizations already.

Please check the following links:

https://www.av-test.org/fileadmin/images/news/20170403-backup_software/PDF/201704-avtest-data-protection-and-backup-software-test-report.pdf

https://www.mrg-effitas.com/wp-content/uploads/2017/04/MRG-Effitas-Comparative-assessment-of-Data-protection_backup-products.pdf

https://reports.nioguard.com/RansomwareProtectionTest_April2017.pdf

© 2003-2019 Acronis International GmbH. All rights reserved.
Legal info