WithSecure’s new tech is an ‘undo’ button for ransomware

WithSecure’s Activity Monitor technology rolls back changes to data caused by malware.

Helsinki, Finland – February 23, 2023: Ransomware attacks have plagued organizations for the past several years, inflicting considerable financial losses. To help organizations manage ransomware and other threats, WithSecure™ (formerly known as F-Secure Business) has developed a new technology that can essentially undo the damage malware can cause.

The technology, called Activity Monitor, was developed to make the capabilities of a sandbox more accessible. Sandboxes are isolated test environments that run unknown code to see how it impacts a system or data. Since sandboxes run code in isolation, they can execute unknown code safely to verify whether it’s safe or harmful.

Instead of running code in an isolated environment, Activity Monitor creates selective backups of the system and data, and then allows the code to run on a system while monitoring the session. If Activity Monitor detects changes that could be harmful, it blocks the processes and uses the backups to restore the session to the state it was in before it ran the malicious code.

According to WithSecure™ Lead Researcher Broderick Aquilino, sandboxes provide a safe, reliable way to test malware, but with limitations that Activity Monitor was designed to overcome.

“The analysis provided by a sandbox shows a very comprehensive picture of malware’s behavior but consumes a lot of resources, which limits their use,” said Aquilino. “With Activity Monitor, we overcame these limitations by recreating the capabilities that sandboxes provide rather than how they work. Now we can create protection mechanisms that can bring these capabilities to more organizations.”

The technology provides a new tool to combat ransomware infections, which some sources suggest cost organizations around the globe as much as 18 billion euros by 2021.* Most ransomware encrypts the victim's data and then offers decryption keys in exchange for a ransom. Activity Monitor is built to detect these types of changes; upon detecting the encryption processes, it halts them and restores the data to its unencrypted state.

While rolling back ransomware infections is an obvious example of its value, WithSecure™ Intelligence Vice President Paolo Palumbo expects the technology to provide many additional benefits to organizations.

“This approach makes very powerful detection capabilities more efficient so they can be used in new ways. Efficiency is very important for security to ensure our solutions give organizations practical, effective protection without preventing them from doing their jobs or accomplishing their business goals. And as we develop new applications and features using this technology, we expect it to enable better, more efficient defense mechanisms for our clients,” he said.

The first solution to implement the technology, Server Share Protection, is now available as part of WithSecure™ Elements Endpoint Protection for Servers. More information is available at https://www.withsecure.com/en/expertise/resources/a-new-game-changing-technology-for-ransomware-protection.

This research was supported by TRUST aWARE, a project funded by the European Union’s Horizon 2020 Research and Innovation Programme under Grant Agreement No. 101021377.


About WithSecure™
WithSecure™, formerly F-Secure Business, is cyber security's reliable partner. IT service providers, MSSPs and businesses – along with the largest financial institutions, manufacturers, and thousands of the world's most advanced communications and technology providers – trust us for outcome-based cyber security that protects and enables their operations. Our AI-driven protection secures endpoints and cloud collaboration, and our intelligent detection and response are powered by experts who identify business risks by proactively hunting for threats and confronting live attacks. Our consultants partner with enterprises and tech challengers to build resilience through evidence-based security advice. With more than 30 years of experience in building technology that meets business objectives, we've built our portfolio to grow with our partners through flexible commercial models.

WithSecure™ Corporation was founded in 1988, and is listed on NASDAQ OMX Helsinki Ltd.

WithSecure™ media relations
Adam Pilkey
