Anti-Ransomware for IBM i

STOP ransomware attacks as they start
Identify attacks of both known and zero-day ransomware
New Attack Simulator
Alert by email, send message to SIEM

STOP ransomware attack as it STARTS
ZERO compromised files
New Attack Simulator
Recycle Bin

HEALTHCARE OFFER

Besides the free trial that we normally offer our customers, we are offering healthcare organizations of all types full free* iSecurity Anti-Ransomware protection of their IBM i through the end of 2020.

How Anti-Ransomware Works

“If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.”

James Whitcomb Riley (1849-1916)

“The same works for ransomware.” 

Shmuel Zailer, CEO, Raz-Lee Security

As in the well-known “Method of Detecting a Duck”, the product detects ransomware by analyzing its behavioral characteristics, and can optionally use honeypots (deception files) as well.

While file extensions of known ransomware are helpful, the product also detects Zero-Day (unknown) ransomware variants based on other indications.

Our tests with real live ransomware show that detection is fast and accurate.

The software continuously monitors and assesses:

  • Order of activities in the IFS shares
  • Intermediate and final results of the activity
  • Unusual or unexpected internal changes to the files
  • Known information about ransomware: file names, file extensions, structure
  • Unexpected activities with honeypots
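
A simplified sketch of how indicators like those listed above can be combined into one decision, added here as an example; it is not Raz-Lee's code or algorithm. The event fields, point weights, time window, threshold, honeypot path and sample events are all assumptions made for the illustration.

```python
from collections import deque
from dataclasses import dataclass
from pathlib import PurePosixPath

# Assumed values for this example only (not the product's configuration).
KNOWN_EXTENSIONS = {".wncry"}           # extension shown in the simulator output
HONEYPOTS = {"/atptest/~decoy.xlsx"}    # hypothetical deception file
WINDOW_SECONDS, THRESHOLD = 10, 5

@dataclass
class Event:                            # one operation seen on an IFS share
    ts: float
    user: str
    ip: str
    op: str                             # "write", "rename" or "delete"
    path: str
    new_path: str = ""

def score(ev):
    """Return (points, reason) for a single event."""
    target = ev.new_path or ev.path
    if ev.path in HONEYPOTS:
        return THRESHOLD, "honeypot modified"
    if PurePosixPath(target).suffix.lower() in KNOWN_EXTENSIONS:
        return 3, "known ransomware extension"
    if ev.op == "rename" and target.startswith(ev.path + "."):
        return 2, "extension appended to existing name"
    return 0, ""

def detect(events):
    """Alert once per (user, ip) when points inside the window reach THRESHOLD."""
    windows, alerts, flagged = {}, [], set()
    for ev in events:
        key = (ev.user, ev.ip)
        points, reason = score(ev)
        if key in flagged or not points:
            continue
        win = windows.setdefault(key, deque())
        win.append((ev.ts, points, reason))
        while ev.ts - win[0][0] > WINDOW_SECONDS:   # drop events older than the window
            win.popleft()
        if sum(p for _, p, _ in win) >= THRESHOLD:
            flagged.add(key)
            alerts.append({"user": ev.user, "ip": ev.ip, "at": ev.ts,
                           "reasons": sorted({r for _, _, r in win})})
    return alerts

# Constructed sample events (not captured from a real system).
SAMPLE = [Event(t, "ALICE", "10.0.0.5", "rename", f"/atptest/{n}", f"/atptest/{n}.WNCRY")
          for t, n in [(1.0, "2016.xlsx"), (1.2, "Balance.xlsx"), (1.4, "Business.xlsx")]]
```

With these assumed weights, `detect(SAMPLE)` raises its alert on the second renamed file. An unknown extension appended to three files within the window also crosses the threshold, and a single change to the honeypot does so immediately.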

Attack Simulator

The Anti-Ransomware attack simulator can simulate known ransomware such as Sodinokibi, Ryuk, CryptoLocker, or WannaCry. The attack simulator can also simulate unknown zero-day ransomware.

The attack simulator runs from a PC. It can be reused repeatedly to test various conditions on the IBM i. Simulated attacks are completely safe, but the IBM i sees them as realistic ransomware attacks. With it, organizations can have confidence that their IBM i is well protected.

Reactions are composed of:

  • Message to QSYSOPR
  • Inform SOC via SIEM(s)
  • Email system admin
  • End attacking User from IP
  • End system wide File Server
  • Hibernate/Shutdown infected PC
  • Submit/Call user program

Without protection

*****************************************************************************
* iSecurity/Anti-Ransomware Attack Simulator Time: 2020-07-09-16.43.31
* Simulating attack on drive A: mapped to IFS folder /atptest.
* User description for the attack . . . . . : Known ransomware without protection
* Simulation of ransomware with extension: WNCRY
*****************************************************************************
Now attacking A:\2016.xlsx
Attack completed. File “A:\2016.xlsx.WNCRY” COMPROMISED.
Now attacking A:\Balance.xlsx
Attack completed. File “A:\Balance.xlsx.WNCRY” COMPROMISED.
Now attacking A:\Business.xlsx
Attack completed. File “A:\Business.xlsx.WNCRY” COMPROMISED.

Now attacking A:\PLossSt.xlsx
Attack completed. File “A:\PLossSt.xlsx.WNCRY” COMPROMISED.
Now attacking A:\SInvoice.xlsx
Attack completed. File “A:\SInvoice.xlsx.WNCRY” COMPROMISED.
Now attacking A:\SOrd.docx
Attack completed. File “A:\SOrd.docx.WNCRY” COMPROMISED.
Now attacking A:\SOrder1.docx
Attack completed. File “A:\SOrder1.docx.WNCRY” COMPROMISED.
Now attacking A:\WH_inv.xlsx
Attack completed. File “A:\WH_inv.xlsx.WNCRY” COMPROMISED.
End of Ransomware attack in A:

*****************************************************************************
* iSecurity/Anti-Ransomware
* User description for the attack . . . . . : Known ransomware without protection
* Simulation of ransomware with extension . : WNCRY
* Attack completed on drive A: mapped to IFS folder /atptest.
* ALL 2217 FILES CORRUPTED.
* Activate iSecurity/Anti-Ransomware, and run the Simulator again.
*****************************************************************************

With protection

*****************************************************************************
* iSecurity/Anti-Ransomware Attack Simulator Time: 2020-07-09-16.45.47
* Simulating attack on drive A: mapped to IFS folder /atptest.
* User description for the attack . . . . . : Known ransomware with protection
* Simulation of ransomware with extension: WNCRY
*****************************************************************************
Now attacking A:\2016.xlsx
Attack completed. File “A:\2016.xlsx.WNCRY” COMPROMISED.
Now attacking A:\Balance.xlsx
Attack completed. File “A:\Balance.xlsx.WNCRY” COMPROMISED.
Now attacking A:\Business.xlsx
Connection to IFS is disabled. Attack failed. File A:\Business.xlsx SURVIVED.

*****************************************************************************
* iSecurity/Anti-Ransomware *STOPPED* the attack.
* User description for the attack . . . . . : Known ransomware out protection
* Simulation of ransomware with extension: WNCRY
* 2 Files compromised before the attack was detected and stopped
* Alerts were sent to the Administrator.
* Future connections to the mapped drive are rejected.
* To clear the attack use GUI or STRAR, 11.

*****************************************************************************

Ransomware Statistics

iSecurity Anti-Ransomware Key features:

  • Stop Ransomware attacks as they start

  • Identify attacks of both known and zero-day ransomware

  • Alert by email, send message to SIEM

  • New attack simulator

  • Works from within the IBM i

Copyright © 2020 Raz-Lee Security. All rights reserved.