Ransomware Prevention

Muninn AI has been proven to stop ransomware attacks in milliseconds.

Muninn interrupts ransomware autonomously

Ransomware attacks continue to cause devastating disruptions. Muninn AI Prevent stops ransomware but allows business operations to continue uninterrupted. Muninn AI Prevent acts as the first and last line of defense against ransomware, detecting and responding to the threat from the initial compromise to detonation.

Muninn AI Prevent empowers organizations to fight back against the full range of machine-speed attacks, regardless of where they strike. Wide-ranging responses to ransomware attacks inflict serious and costly disruptions on business operations. Muninn AI autonomously understands what normal business operations should look like and uses this understanding to mount a proportionate response to machine-speed ransomware, without inflicting damage on business-critical systems.

Ransomware remains the #1 threat to companies worldwide

2021 saw the highest average cost of a data breach in 17 years, with the cost rising from US$3.86 million to US$4.24 million on an annual basis.

The COVID-19-powered shift to remote work had a direct impact on the costs of data breaches. The average cost of a data breach was US$1.07 million higher where remote work was a factor in causing the breach.

(IBM Cost of a Data Breach Report 2021).

Typical Chain of Events in Ransomware Attacks

Our endpoint agent detects the initial stages of a ransomware attack on the local laptop or server. Indicators such as the stopping of protective processes (anti-virus, firewall, backup, shadowing services, etc.), correlated with odd network behavior (such as communication to and from a command-and-control center or blacklisted external resources), trigger the auto-prevention mechanism.

Below is a basic example of a chain of events in a ransomware attack, which Muninn AI detects:

1. Employee inadvertently starts the point of compromise, either through:

→ Clicking a phishing email
→ Inserting an infected USB device
→ Browsing malicious websites

2. Endpoint detection of suspicious activities on the local machine, such as:

→ Stopping and starting processes
→ Deletion of backup files
→ Altering registry keys
→ Creation of files in temporary directories
→ Execution of command scripts such as PowerShell scripts
→ Renaming and encrypting local files

3. Detection of Lateral Movement:

→ Enumeration using host and port scans
→ Scanning specifically for SMB shares on the network
→ Executing RPC on other machines
→ Exploiting vulnerabilities in the network
→ Installing and executing RAT (Remote Access Trojan) tools

4. C2 Communication:

→ Communication to Command and Control centers
→ TOR nodes detected
→ Communication with external hosts on blacklisted domains or IP addresses
→ Anomalies in the usage of services, for instance on odd ports or at an odd hour
→ Communication with unexpected countries

5. Data Exfiltration:

→ Transfer of an anomalous amount of data
→ Transfer of a large number of (small) files
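
The correlation described in the endpoint-agent paragraph above (a protective service stopped on a host, combined with a connection from that same host to a blacklisted destination) can be sketched as follows. This is an added example, not Muninn's code; the event layout, service names, blocklist entry and five-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry; the tuple layouts are assumptions.
# (timestamp, host, event type, service name)
HOST_EVENTS = [
    ("2024-05-01T10:00:05", "LAPTOP-7", "service_stop", "VSS"),
    ("2024-05-01T10:00:07", "LAPTOP-7", "service_stop", "BackupAgent"),
    ("2024-05-01T10:02:00", "SRV-2", "service_stop", "Spooler"),
    ("2024-05-01T11:30:00", "SRV-3", "service_stop", "AVService"),
]
# (timestamp, host, destination IP, destination port)
NET_EVENTS = [
    ("2024-05-01T10:00:40", "LAPTOP-7", "203.0.113.50", 8443),
    ("2024-05-01T10:01:00", "LAPTOP-7", "198.51.100.9", 443),
    ("2024-05-01T10:02:10", "SRV-2", "203.0.113.50", 8443),
    ("2024-05-01T09:00:00", "SRV-3", "203.0.113.50", 8443),
]
PROTECTIVE = {"VSS", "BackupAgent", "AVService", "Firewall"}  # assumed names
BLOCKLIST = {"203.0.113.50"}   # documentation-range address as a stand-in
WINDOW = timedelta(minutes=5)  # assumed correlation window

def correlate(host_events, net_events, window=WINDOW):
    """Alert only when both indicators occur on one host within `window`."""
    stops = {}
    for ts, host, kind, name in host_events:
        if kind == "service_stop" and name in PROTECTIVE:
            stops.setdefault(host, []).append((datetime.fromisoformat(ts), name))
    alerts = {}
    for ts, host, dst, _port in net_events:
        if dst not in BLOCKLIST:
            continue  # ordinary traffic: no network indicator
        seen = datetime.fromisoformat(ts)
        near = {name for t, name in stops.get(host, []) if abs(seen - t) <= window}
        if near:
            entry = alerts.setdefault(host, {"services": set(), "destinations": set()})
            entry["services"] |= near
            entry["destinations"].add(dst)
    return [
        {"host": h, "services": sorted(a["services"]),
         "destinations": sorted(a["destinations"])}
        for h, a in sorted(alerts.items())
    ]

if __name__ == "__main__":
    for alert in correlate(HOST_EVENTS, NET_EVENTS):
        print(alert)
```

SRV-2 (blacklisted destination but no protective service stopped) and SRV-3 (both indicators, hours apart) raise no alert, which is the point of correlating the two signals rather than acting on either alone.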

Download the Muninn Product Sheet

Muninn protects your entire enterprise from cyber threats, including SaaS, Cloud services, the on-premise corporate network, and endpoints.

Founded in 2016 by computer scientists from the Massachusetts Institute of Technology (M.I.T.), Muninn builds on technologies that were once reserved for nation-state defense organizations and makes them available to all types of companies and public organizations. Global companies rely on Muninn to safeguard critical digital assets and infrastructures.