Ransomware attacks continue to cause devastating disruptions. Muninn AI Prevent stops ransomware but allows business operations to continue uninterrupted. Muninn AI Prevent acts as the first and last line of defense against ransomware, detecting and responding to the threat from the initial compromise to detonation.
Muninn AI Prevent empowers organizations to fight back against the full range of machine-speed attacks, regardless of where they strike. Wide-ranging responses to ransomware attacks inflict serious and costly disruptions on business operations. Muninn AI autonomously understands what normal business operations should look like and uses this understanding to mount a proportionate response to machine-speed ransomware, without inflicting damage on business-critical systems.
2021 saw the highest average cost of a data breach in 17 years, with the cost rising from US$3.86 million to US$4.24 million on an annual basis.
The COVID-19-powered shift to remote work had a direct impact on the costs of data breaches. The average cost of a data breach was US$1.07 million higher where remote work was a factor in causing the breach (IBM Cost of a Data Breach Report 2021).
Our endpoint agent detects the initial stages of a ransomware attack on the local laptop or server. Indicators such as the stopping of protective processes (antivirus, firewall, backup, shadowing services, etc.), correlated with odd network behavior (such as communication to and from a command-and-control center or blacklisted external resources), trigger the auto-prevention mechanism.
Below is a basic example of a chain of events in a ransomware attack, which Muninn AI detects:
→ Clicking a phishing email
→ Inserting an infected USB device
→ Browsing malicious websites
→ Stopping and starting processes
→ Deletion of backup files
→ Altering registry keys
→ Creation of files in temporary directories
→ Execution of command scripts such as PowerShell
→ Renaming and encrypting local files
→ Enumeration using host and port scans
→ Scanning specifically for SMB shares on the network
→ Executing RPC on other machines
→ Exploiting vulnerabilities in the network
→ Installing and executing RAT (Remote Access Trojan) tools
→ Communication to Command and Control centers
→ TOR nodes detected
→ Communication with external hosts on blacklisted domains or IP addresses
→ Anomalies in the usage of services, for instance on odd ports or at an odd hour
→ Communication with unexpected countries
→ Transfer of an anomalous amount of data
→ Transfer of a large number of (small) files
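The correlation described above, where an endpoint indicator only matters when the same host also shows a network indicator close in time, can be sketched as follows. This is an added illustration, not Muninn AI's implementation; the event names, host names, timestamps and the 10-minute window are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical event categories, named after items in the chain of events above.
ENDPOINT_INDICATORS = {"protective_process_stopped", "backup_files_deleted"}
NETWORK_INDICATORS = {"c2_communication", "blacklisted_destination", "tor_node"}


@dataclass(frozen=True)
class Event:
    time: datetime
    host: str
    kind: str


def correlate(events, window=timedelta(minutes=10)):
    """Map each host to the first (endpoint, network) indicator pair that
    occurs within `window` of each other, in either order."""
    by_host = {}
    for ev in sorted(events, key=lambda e: e.time):
        by_host.setdefault(ev.host, []).append(ev)
    flagged = {}
    for host, evs in by_host.items():
        endpoint = [e for e in evs if e.kind in ENDPOINT_INDICATORS]
        network = [e for e in evs if e.kind in NETWORK_INDICATORS]
        pairs = [(e, n) for e in endpoint for n in network
                 if abs(e.time - n.time) <= window]
        if pairs:
            flagged[host] = pairs[0]
    return flagged


def _t(hhmm):
    return datetime.fromisoformat(f"2024-01-01T{hhmm}:00")


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    Event(_t("09:00"), "laptop-01", "protective_process_stopped"),
    Event(_t("09:04"), "laptop-01", "c2_communication"),
    # A stopped service with no network indicator: not flagged on its own.
    Event(_t("09:10"), "server-02", "protective_process_stopped"),
    # Both indicator types, but 3.5 hours apart: outside the default window.
    Event(_t("11:00"), "laptop-03", "blacklisted_destination"),
    Event(_t("14:30"), "laptop-03", "backup_files_deleted"),
]

if __name__ == "__main__":
    for host, (ep, net) in correlate(SAMPLE_EVENTS).items():
        print(f"{host}: {ep.kind} at {ep.time} + {net.kind} at {net.time}")
```

Requiring both indicator types on the same host keeps a routine service restart from triggering a response by itself, while the window size trades missed slow-moving activity against false correlations.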