{"id":5442,"date":"2016-04-13T16:35:55","date_gmt":"2016-04-13T16:35:55","guid":{"rendered":"https:\/\/kasperskydaily.com\/b2b\/?p=5442"},"modified":"2020-02-27T04:02:54","modified_gmt":"2020-02-26T17:02:54","slug":"anti-cryptor","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.au\/blog\/anti-cryptor\/5442\/","title":{"rendered":"No ransomware on servers: new Anti-Cryptor technology"},"content":{"rendered":"<p>Kaspersky Lab has <a href=\"https:\/\/www.kaspersky.com\/about\/news\/product\/2016\/Kaspersky-Lab-Released-New-Version-of-Kaspersky-Security-for-Windows-Server\" target=\"_blank\" rel=\"noopener nofollow\">unveiled<\/a>\u00a0a new version of Kaspersky Security for Windows Server application,\u00a0developed specifically for high performance corporate servers. It is enhanced with new Anti-Cryptor technology, which could\u00a0land this particular release among the year\u2019s most important.<\/p>\n<p>Cryptors, ransomware, cryptomalware \u2013 three different names for today\u2019s cybersecurity scourge. Prevention and self-protection algorithms are well-known: \u201ccold\u201d backup, antiphishing tools, signature malware blocking, and sandboxing. However, it always looks as though ransomware hits out of the blue. As Andrey Pozhogin mentioned last week, cybersecurity-related forums are abuzz with discussions how to deal with cryptors.<\/p>\n<p>For instance, the first page of Reddit\u2019s \/r\/netsec section carries links to news regarding Petya ransomware (which had been cracked a couple of days ago) and PowerWare, yet another cryptor apparently derived from PoshCoder cryptomalware. At least five more ransowmare-related threads are there in the \/r\/Malware section. Some of the issues have been successfully <a href=\"https:\/\/www.reddit.com\/r\/Malware\/comments\/4dy2dx\/samas_ransomware_help\/\" target=\"_blank\" rel=\"noopener nofollow\">resolved<\/a>, but just a few.\u00a0The rest are not that fortunate. There are even cases where the ransom was paid and the decryption keys were acquired from the criminals, but those keys didn\u2019t work.<\/p>\n<p>Cryptomalware can infiltrate and encrypt an entire network \u2013 including its backups \u2013 within minutes. In fact everything within the corporate network requires technical means to prevent ransomware from encrypting data, but file servers are the \u201cweakest spot\u201d, in the sense that if they are attacked by ransomware, businesses experience heavy interruption, down to termination of all processes.<\/p>\n<p>The new version of Kaspersky Security for Windows Server contains a number of protective technologies aimed at preventing malware from launching and spreading.<\/p>\n<p>The solution identifies and scans critical areas of a business\u2019s corporate servers for malware, helping to strengthen those areas of the operating system that are most exposed to infection.<\/p>\n<p>For example, scanning Autorun files can help prevent malware from launching during system startup. Any hidden processes are also exposed.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-5446\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/102\/2017\/05\/06020512\/main-5.jpg\" alt=\"main\" width=\"1000\" height=\"391\"><\/p>\n<p>To help protect businesses from unknown and advanced threats, Kaspersky Security for Windows Server includes Application Startup Control: using configured rules IT staff can allow or block the startup of executable files, scripts, and installation packages, or the loading of program modules onto servers.<\/p>\n<p>Then there is Anti-Cryptor technology based on Kaspersky Lab\u2019s own algorithm: behaviour analysis is used here to detect and protect shared folders from encryption activity.<\/p>\n<p>And if, for some reason, this encryption starts, there is a malicious host blocker: if any malicious activity is detected through Real-Time File Protection or Anti-Cryptor activities, access to shared network folders is immediately restricted to a secure server, protecting files from damage by any malicious third parties.<\/p>\n<p>Kaspersky Security for Windows Server is available as a part of a\u00a0<a href=\"https:\/\/www.kaspersky.com\/business-security\/file-server\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Security for File Server<\/a>, <a href=\"https:\/\/www.kaspersky.com\/business-security\/small-to-medium-business\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Endpoint Security for Business<\/a> and\u00a0<a href=\"https:\/\/www.kaspersky.com\/business-security\/storage\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Security for Storage<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cryptomalware can infiltrate and encrypt an entire network &#8211; including its backups &#8211; within minutes. <\/p>\n","protected":false},"author":209,"featured_media":15390,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,2994],"tags":[2408,1628,420],"class_list":{"0":"post-5442","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-cryptomalware","10":"tag-cryptor","11":"tag-ransomware"},"hreflang":[{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/anti-cryptor\/5442\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/anti-cryptor\/8717\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/anti-cryptor\/3690\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/anti-cryptor\/5442\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/anti-cryptor\/5442\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.au\/blog\/tag\/cryptomalware\/","name":"cryptomalware"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/5442","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/comments?post=5442"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/5442\/revisions"}],"predecessor-version":[{"id":26861,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/posts\/5442\/revisions\/26861"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media\/15390"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/media?parent=5442"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/categories?post=5442"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.au\/blog\/wp-json\/wp\/v2\/tags?post=5442"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}