ENTERPRISE DATA PROTECTION WITH RANSOMWARE PROTECTOR V1
RPV1 is a non-signature-based system that protects Windows desktops from file-based ransomware. RPV1 is a drive-based ransomware protector that runs only with admin privilege.
How Ransomware Protector V1 Works:
- Works on Windows desktops by monitoring the file system
- Warns the user when any program starts working on files (rename/write, delete); users are given the option to mark it as a known process
- On deployment, the file name, process name and port name of services are customized. RPV1 is trained on at least 10 machines and a process whitelist is built. A pre-trained Ransomware Protector is thus deployed on the network, so users are not left unsure whether to press Yes or No
- If a process tries to delete or rewrite more than 5 files in 45 seconds, a notice message box is displayed. If the user is slow to respond by pressing Yes (for ransomware), the program automatically treats the process as ransomware
- When ransomware starts, RPV1 starts taking a backup of each file encrypted by the ransomware, terminates the ransomware in memory, and restores the files from backup
- RPV1 ensures that any ransomware that bypasses the antivirus or is not detected by it is “caught”
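
The threshold rule in the list above (more than 5 files deleted or rewritten in 45 seconds, with known processes exempted) can be sketched as a sliding-window check. This is an added example, not RPV1's own code; the event tuple layout, the function name `flag_processes`, and the process names and paths in the constructed sample data are assumptions.

```python
from collections import defaultdict, deque

MAX_FILES = 5                      # page: "more than 5 files"
WINDOW_SECONDS = 45                # page: "in 45 seconds"
COUNTED_OPS = {"write", "delete"}  # page: "delete or rewrite"


def flag_processes(events, whitelist=frozenset()):
    """Return {process: timestamp of first alert}.

    events: iterable of (timestamp_seconds, process, operation, path),
    ordered by timestamp (layout assumed for this example). A process is
    flagged when it touches more than MAX_FILES distinct files inside one
    WINDOW_SECONDS window; whitelisted ("known") processes are skipped.
    """
    recent = defaultdict(deque)    # process -> deque of (timestamp, path)
    alerts = {}
    for ts, proc, op, path in events:
        if op not in COUNTED_OPS or proc in whitelist or proc in alerts:
            continue
        window = recent[proc]
        window.append((ts, path))
        # Drop events that have aged out of the sliding window.
        while ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        # Count distinct files so repeated saves of one file do not alert.
        if len({p for _, p in window}) > MAX_FILES:
            alerts[proc] = ts
    return alerts


# Constructed sample events (not captured from a real system).
SAMPLE_EVENTS = sorted(
    # Known backup tool: 10 files in 10 seconds.
    [(t, "backup_agent.exe", "write", f"C:/data/b{t}.doc") for t in range(10)]
    # Editor autosaving the same file 8 times.
    + [(t, "editor.exe", "write", "C:/data/report.doc") for t in range(20, 28)]
    # Slow cleanup: 6 files, one every 12 seconds (never 6 in one window).
    + [(12 * i, "slow_sync.exe", "delete", f"C:/tmp/s{i}.tmp") for i in range(6)]
    # Unknown process: 6 files in 6 seconds.
    + [(100 + i, "unknown.exe", "write", f"C:/data/f{i}.xls") for i in range(6)]
)

if __name__ == "__main__":
    print(flag_processes(SAMPLE_EVENTS, whitelist={"backup_agent.exe"}))
```

Running it without the whitelist also flags the backup tool, which is the false positive the pre-trained whitelist described above is meant to avoid.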
RPV1 uses Microsoft policy to restrict the folders from which executables can run. Accidentally executed programs will not run from just any folder, and executable extensions are blocked from running from unauthorized locations.