lolloj - Fotolia
Acronis is turning to artificial intelligence, or AI, to combat ransomware attacks.
The Burlington, Mass., company has built a new version of its Active Protection technology that is integrated into Acronis True Image backup software and uses machine learning to help prevent ransomware viruses from corrupting data.
The software attempts to detect suspicious application behavior before files are corrupted.
"Before, with Active Protection, we detected changes in files. We looked at files, and if multiple operations of encrypting files occurred, an alert was raised," said Gaidar Magdanurov, vice president and general manager for consumer and online business at Acronis. "Now, we look at what the application is doing. Ransomware can inject code into the application and, on behalf of the application, it encrypts your files."
Magdanurov said ransomware attacks have begun to affect home users and smaller business customers.
True Image is a consumer backup tool. In the past, Acronis has added Active Protection and other security features in its Acronis Backup application for businesses after first including them in Acronis True Image backup.
The updated Acronis Active Protection collects data and sends it to the Acronis Cloud AI infrastructure for analysis. Machine learning models are created from expected and unexpected behavior, and malicious and legitimate processes. These models become part of the Active Protection so that Acronis True Image can protect a system's data independent of an internet connection while combating ransomware.
Active Protection can then detect suspicious behavior and check it against the normal process using heuristic analysis and the machine learning models. Any process deemed abnormal prompts the Acronis True Image backup software to send an alert to the administrator.
Real-time monitoring helps verify processes so normal activities continue to run while irregular behavior is stopped. True Image will automatically restore files that were encrypted from the backup.
Magdanurov said the latest version of Active Protection analyzes unusual patterns of data modifications. It analyzes pieces of files on different parts of the hard drives and can detect if any piece of a file is corrupted, he said.
True Image moves 'beyond backup'
Phil Goodwinresearch director for storage systems, IDC
Phil Goodwin, research director for storage systems at IDC, said Acronis True Image backup acts more like malware detection with this new technology.
"It's pretty interesting. They are still different from malware detection, but they are moving in that direction," he said. "This is beyond backup."
Goodwin said the use of machine learning technology helps to protect the Acronis True Image backup software and primary data in combating ransomware.
"Previously, a malware event attacked the systems," he said. "Now, they are trying to propagate in the backup software itself."
Acronis also updated the Active Protection to combat macOS ransomware attacks. While Windows was hit with WannaCry and Petya ransomware attacks, some of the attacks on Mac systems include KeRanger, Patcher and MacRansom.
"There are new types of ransomware attacking Mac computers," Magdanurov said. "It's different in scale because there are less Mac computers. Also, creating ransomware to attack Mac computers is not as easy. With Windows, the attacks use some known security issues."
Using backup for ransomware protection
Object storage can help with ransomware recovery
Frequently asked ransomware questions answered