Anti-Ransomware for IBM i
STOP ransomware attacks as they start
Identify attacks of both known and zero-day ransomware
New Attack Simulator
Alert by email, send message to SIEM

Anti-Ransomware
for IBM i
STOP ransomware attack as it STARTS ZERO
compromised files New Attack Simulator Recycle Bin
HEALTHCARE OFFER

How Anti-Ransomware Works
“If it looks like a duck, swims like a duck, and quacks like a duck, then it probably is a duck.”
James Whitcomb Riley (1849-1916)
“The same works for ransomware.”
Shmuel Zailer, CEO, Raz-Lee Security
As in the well-known “Method of Detecting a Duck”, the product detects ransomware by analyzing its behavioral characteristics, as well as optionally using honeypots (deception files).
While file extensions of known ransomware are helpful, the product also detects Zero-Day (unknown) ransomware variants based on other indications.
Our tests with real live ransomware show that detection is fast and accurate.
The software continuously monitors and assesses:
- Order of activities in the IFS shares
- Intermediate and final results of the activity
- Unusual or unexpected internal changes to the files
- Known Information about ransomware: File names, File Extensions, Structure
- Unexpected activities with honeypots

Attack Simulator
The Anti-Ransomware attack simulator can simulate known ransomware such as Sodinokibi, Ryuk, CryptoLocker, or WannaCry. The attack simulator can also simulate unknown zero-day ransomware.
The attack simulator runs from a PC. It can be reused repeatedly to test various conditions on the IBM i. Simulated attacks are completely safe, but the IBM i sees them as realistic ransomware attacks. With it, organizations can have confidence that their IBM i is well protected.
Reactions include:
- Message to QSYSOPR
- Inform SOC via SIEM(s)
- Email system admin
- End attacking User from IP
- End system wide File Server
- Hibernate/Shutdown infected PC
- Submit/Call user program
Without protection
*****************************************************************************
* iSecurity/Anti-Ransomware Attack Simulator Time: 2020-07-09-16.43.31
* Simulating attack on drive A: mapped to IFS folder /atptest.
* User description for the attack . . . . . : Known ransomware without protection
* Simulation of ransomware with extension: WNCRY
*****************************************************************************
Now attacking A:\2016.xlsx
Attack completed. File “A:\2016.xlsx.WNCRY” COMPROMISED.
Now attacking A:\Balance.xlsx
Attack completed. File “A:\Balance.xlsx.WNCRY” COMPROMISED.
Now attacking A:\Business.xlsx
Attack completed. File “A:\Business.xlsx.WNCRY” COMPROMISED.
Now attacking A:\PLossSt.xlsx
Attack completed. File “A:\PLossSt.xlsx.WNCRY” COMPROMISED.
Now attacking A:\SInvoice.xlsx
Attack completed. File “A:\SInvoice.xlsx.WNCRY” COMPROMISED.
Now attacking A:\SOrd.docx
Attack completed. File “A:\SOrd.docx.WNCRY” COMPROMISED.
Now attacking A:\SOrder1.docx
Attack completed. File “A:\SOrder1.docx.WNCRY” COMPROMISED.
Now attacking A:\WH_inv.xlsx
Attack completed. File “A:\WH_inv.xlsx.WNCRY” COMPROMISED.
End of Ransomware attack in A:
*****************************************************************************
* iSecurity/Anti-Ransomware
* User description for the attack . . . . . : Known ransomware without protection
* Simulation of ransomware with extension . : WNCRY
* Attack completed on drive A: mapped to IFS folder /atptest.
* ALL 2217 FILES CORRUPTED.
* Activate iSecurity/Anti-Ransomware, and run the Simulator again.
*****************************************************************************
With protection
*****************************************************************************
* iSecurity/Anti-Ransomware Attack Simulator Time: 2020-07-09-16.45.47
* Simulating attack on drive A: mapped to IFS folder /atptest.
* User description for the attack . . . . . : Known ransomware with protection
* Simulation of ransomware with extension: WNCRY
*****************************************************************************
Now attacking A:\2016.xlsx
Attack completed. File “A:\2016.xlsx.WNCRY” COMPROMISED.
Now attacking A:\Balance.xlsx
Attack completed. File “A:\Balance.xlsx.WNCRY” COMPROMISED.
Now attacking A:\Business.xlsx
Connection to IFS is disabled. Attack failed. File A:\Business.xlsx SURVIVED.
*****************************************************************************
* iSecurity/Anti-Ransomware *STOPPED* the attack.
* User description for the attack . . . . . : Known ransomware out protection
* Simulation of ransomware with extension: WNCRY
* 2 Files compromised before the attack was detected and stopped
* Alerts were sent to the Administrator.
* Future connections to the mapped drive are rejected.
* To clear the attack use GUI or STRAR, 11.
*****************************************************************************
Ransomware Statistics


iSecurity Anti-Ransomware Key features:
Stop Ransomware attacks as they start
Identify attacks of both known and zero-day ransomware
Alert by email, send message to SIEM
New attack simulator
Works from within the IBM i