회사소개

제품

안내

고객지원

Company Overview

Product

Information

Support

Thông tin về công ty

Sản phẩm

Thông tin

Hỗ trợ chung

Ransomware defense technology

Behavior-based ransomware block solution, ‘ZombieZERO’

Ransomware defense technology

Method 1) Ransomware Detection/Blocking

ZombieZERO detects the increase of malicious entropy by classifying with Behavior Detection Category such as encrypting API, file manipulating API and existence of Sign. So when higher figures of entropy appear, it judges the process as a malicious code such as Ransomware and isolates and uploads the pattern data to ESM. So ZombieZERO ESM shares the pattern data with other ZombieZERO Agent to prevent infection and spread.

npcore

Method 2) Ransomware Detection/Blocking

– Detects/blocks the file change/manipulating of certain unauthorized program, not authorized one

– Installed on I/O driver, so prevents an external conflict.

npcore

Ransomware Detection/Blocking Screenshot

Ransomware detection/blocking log messages

npcore

After isolation, the ransomware’s pattern data is automatically registered on blacklist

npcore

Blacklist blocking log (Blocking before execution)

npcore