Acronis True Image software will use machine pattern learning to stay ahead of potential ransomware attacks by detecting suspicious behavior before files get corrupted.

The software attempts to detect suspicious application behavior before files are corrupted.

“Before, with Active Protection, we detected changes in files. We looked at files, and if multiple operations of encrypting files occurred, an alert was raised,” said Gaidar Magdanurov, vice president and general manager for consumer and online business at Acronis. “Now, we look at what the application is doing. Ransomware can inject code into the application and, on behalf of the application, it encrypts your files.”

Magdanurov said ransomware attacks have begun to affect home users and smaller business customers.

True Image is a consumer backup tool. In the past, Acronis has added Active Protection and other security features in its Acronis Backup application for businesses after first including them in Acronis True Image backup.

The updated Acronis Active Protection collects data and sends it to the Acronis Cloud AI infrastructure for analysis. Machine learning models are created from expected and unexpected behavior, and malicious and legitimate processes. These models become part of the Active Protection so that Acronis True Image can protect a system’s data independent of an internet connection while combating ransomware.

ctive Protection can then detect suspicious behavior and check it against the normal process using heuristic analysis and the machine learning models. Any process deemed abnormal prompts the Acronis True Image backup software to send an alert to the administrator.

Real-time monitoring helps verify processes so normal activities continue to run while irregular behavior is stopped. True Image will automatically restore files that were encrypted from the backup.

Magdanurov said the latest version of Active Protection analyzes unusual patterns of data modifications. It analyzes pieces of files on different parts of the hard drives and can detect if any piece of a file is corrupted, he said.

True Image moves ‘beyond backup’

Phil Goodwin, research director for storage systems at IDC, said Acronis True Image backup acts more like malware detection with this new technology.

“It’s pretty interesting. They are still different from malware detection, but they are moving in that direction,” he said. “This is beyond backup.”

Goodwin said the use of machine learning technology helps to protect the Acronis True Image backup software and primary data in combating ransomware.

“Previously, a malware event attacked the systems,” he said. “Now, they are trying to propagate in the backup software itself.”

Acronis also updated the Active Protection to combat macOS ransomware attacks. While Windows was hit with WannaCry and Petya ransomware attacks, some of the attacks on Mac systems include KeRanger, Patcher and MacRansom.

“There are new types of ransomware attacking Mac computers,” Magdanurov said. “It’s different in scale because there are less Mac computers. Also, creating ransomware to attack Mac computers is not as easy. With Windows, the attacks use some known security issues.”

Originally posted TechTarget | August 2017

Developed by KLPR – a Business and Tech PR Agency in London. Contact Kelly Lloyd-Watson or the KLPR team on 020 8996 5061