A ransomware attack is perpetrated every 11 seconds

Muninn interrupts ransomware autonomously

Ransomware attacks continue to cause devastating disruptions. Muninn AI Prevent stops ransomware but allows business operations to continue uninterrupted.

Stops ransomware in the earliest stages

Muninn AI Prevent acts as the first and last line of defense against ransomware, detecting and responding to the threat from the initial compromise to detonation.

Responds surgically to ransomware attacks

Muninn AI Prevent empowers organizations to fight back against the full range of machine-speed attacks, regardless of where they strike. Wide-ranging responses to ransomware attacks inflict serious and costly disruptions on business operations.

Muninn AI autonomously understands what normal business operations should look like and uses this understanding to mount a proportionate response to machine-speed ransomware, without inflicting damage on business-critical systems.

Typical Chain of Events in Ransomware Attacks

Our endpoint agent detects the initial stages of a ransomware attack on the local laptop or server. Indicators such as the stopping of protective processes (antivirus, firewall, backup, shadowing services, etc.), correlated with odd network behavior (such as communication to and from a command-and-control center or blacklisted external resources), trigger the auto-prevention mechanism.
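A minimal sketch of the correlation described above, added here as an illustration and not Muninn's own code: a host is flagged only when a protective service stops within a time window of a network indicator on the same host. The event names, the 10-minute window and the sample telemetry are assumptions constructed for this example.

```python
from datetime import datetime, timedelta

# Indicator names are assumptions for this sketch, based on the categories in the text.
PROTECTIVE = {"antivirus", "firewall", "backup", "shadowing"}
NETWORK_KINDS = {"c2_communication", "blacklisted_destination"}

# Constructed sample telemetry: (timestamp, host, kind, detail). Not real data.
EVENTS = [
    ("2024-05-01T09:00:05", "laptop-17", "service_stopped", "antivirus"),
    ("2024-05-01T09:00:40", "laptop-17", "service_stopped", "shadowing"),
    ("2024-05-01T09:02:10", "laptop-17", "blacklisted_destination", "203.0.113.50"),
    # Backup service stopped, but no network anomaly on this host.
    ("2024-05-01T02:00:00", "srv-backup", "service_stopped", "backup"),
    # Network indicator only, no protective service touched.
    ("2024-05-01T11:15:00", "laptop-22", "blacklisted_destination", "198.51.100.7"),
    # Both indicator types, but hours apart (outside the default window).
    ("2024-05-01T08:00:00", "srv-files", "service_stopped", "firewall"),
    ("2024-05-01T14:30:00", "srv-files", "c2_communication", "192.0.2.99"),
    # A stopped service that is not protective does not count for this rule.
    ("2024-05-01T10:00:00", "laptop-30", "service_stopped", "print-spooler"),
    ("2024-05-01T10:00:30", "laptop-30", "c2_communication", "192.0.2.99"),
]


def correlate(events, window=timedelta(minutes=10)):
    """Return {host: [(stop_event, network_event), ...]} for hosts where a
    protective service stopped within `window` of a network indicator."""
    by_host = {}
    for ts, host, kind, detail in events:
        by_host.setdefault(host, []).append((datetime.fromisoformat(ts), kind, detail))
    hits = {}
    for host, evs in by_host.items():
        stops = [e for e in evs if e[1] == "service_stopped" and e[2] in PROTECTIVE]
        nets = [e for e in evs if e[1] in NETWORK_KINDS]
        pairs = [(s, n) for s in stops for n in nets if abs(n[0] - s[0]) <= window]
        if pairs:
            hits[host] = pairs
    return hits


if __name__ == "__main__":
    for host, pairs in correlate(EVENTS).items():
        for stop, net in pairs:
            print(f"{host}: {stop[2]} stopped at {stop[0]:%H:%M:%S}, "
                  f"{net[1]} to {net[2]} at {net[0]:%H:%M:%S}")
```

Requiring both indicator types on the same host inside one window is what keeps a routine backup-service restart or a single blocked connection from triggering containment by itself.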

Below is a basic example of a chain of events in a ransomware attack, which Muninn AI detects:

1. Employee inadvertently starts the point of compromise by:

→ Clicking a phishing email
→ Inserting an infected USB device
→ Browsing malicious websites

2. Endpoint detection of suspicious activities on the local machine, such as:

→ Stopping and starting processes
→ Deletion of backup files
→ Altering registry keys
→ Creation of files in temporary directories
→ Execution of command scripts such as PowerShell scripts
→ Renaming and encrypting local files

3. Detection of Lateral Movement:

→ Enumeration using host and port scans
→ Scanning specifically for SMB shares on the network
→ Executing RPC on other machines
→ Exploiting vulnerabilities in the network
→ Installing and executing RAT (Remote Access Trojan) tools

4. C2 Communication:

→ Communication to Command and Control centers
→ TOR nodes detected
→ Communication with external hosts on blacklisted domains or IP addresses
→ Anomalies in the usage of services, for instance on odd ports or at an odd hour
→ Communication with unexpected countries

5. Data Exfiltration:

→ Transfer of an anomalous amount of data
→ Transfer of a large number of (small) files
