Acronis Active Protection

Acronis Active Protection is a technology that protects your data from ransomware and your computer from illicit cryptomining.

What is ransomware?

Ransomware is malicious software that blocks access to some of your files or your entire system, and then demands a ransom for unblocking. The software shows you a window informing you that your files are locked and that you have to pay urgently, otherwise you will not be able to access the files anymore. The message may also be disguised as an official statement from authorities, for example, the police. The purpose of the message is to frighten a user and make them pay without asking for help from an IT specialist or the authorities. Moreover, there is no guarantee that you will regain control over your data after paying the ransom.

Your computer can be attacked by ransomware when you visit unsafe websites, open email messages from unknown people, or when you click suspicious links in social networks or instant messages.

Ransomware can block your access to:

What is illicit cryptomining?

Illicit cryptomining is the unauthorized use of someone else’s computer to mine cryptocurrency. When you normally use your PC, the embedded cryptomining malware works in the background, performs calculations, and sends data to the cryptomining sites. The cryptomining malware does not change or encrypt your files, but its use of CPU resources may cause slower performance or lags in execution.

Your computer can be attacked by cryptomining malware when you visit unsafe websites, open email messages from unknown people, or when you click suspicious links in social networks or instant messages.

How Acronis True Image 2020 protects your data

To protect your computer from malicious software, Acronis True Image 2020 uses the Acronis Active Protection technology. Based on a heuristic approach, this technology monitors processes running on your computer by using the real-time mode. When it detects a third-party process that tries to encrypt your files, inject malicious code into a healthy process, or uses the CPU for mining cryptocurrency, it informs you about it and asks if you want to allow the process to keep running or to block the process. Refer to Protecting your computer from malware for details.

A heuristic approach is widely used in modern antivirus software as an effective way to protect data from malware. As opposed to the signature-based approach which can detect only one sample, heuristics detects malware families that include samples with similar behavior. Another advantage of this approach is an ability to detect new kinds of malware that do not have a signature yet.

Acronis Active Protection uses behavioral heuristics and analyzes chains of actions done by a program, which is then compared with the chain of events in a database of malicious behavior patterns. Since this method is not precise, it admits so-called false positives, when a trusted program is detected as malware. To eliminate such situations, Acronis Active Protection asks you if you trust the detected process, so you can add it to the permission list and set the default action for this process by marking it as trusted or blocked. If you do not trust the process, you will be able to blacklist it. In this case, that process will be blocked every time it tries to resume the malicious activity.

To collect as many as possible different patterns, Acronis Active Protection uses Machine Learning. This technology is based on mathematical processing of big data received through telemetry. It is a self-learning approach, because the more data is processed, the more precisely a process may be detected as ransomware or not.

In addition to your files, Acronis Active Protection protects the application files of True Image, your backups, archives, and Master Boot Record of your hard drive.