iSecurity Anti-Ransomware

What is iSecurity Anti-Ransomware?

Anti-Ransomware protects against ransomware attacks that may change and/or access IBM i files and objects on the IFS. Ransomware is a malicious program, usually initiated from a hacked PC, that encrypts a victim's files and objects using a public key generated on another computer. That computer holds the private key needed to decrypt the encrypted files, and they can only be easily decrypted using that private key. Most times the files and objects remain encrypted on a computer system until a sum of money is paid to the ransomware's creator and the creator releases the key to the victim, allowing the files to be decrypted.

Now, the IBM i is no longer an isolated system; it is connected to other databases and computer systems through networked environments and connectivity. Almost any file or object can be stored, created, or updated within the IFS on the IBM i, and the IFS will behave like any other device that the mapped PC can access. Ransomware does not discriminate. It will encrypt every object and file that it can access on the IFS, as well as the contents of connected devices, mapped network drives, local network shares and cloud storage services that are mapped to the infected PC. This leaves organizations feeling paralyzed, exposed and without many options other than paying the ransom fee in the hope that the decryption key will be released to them, or going back to a previous backup and recovery point, if possible.

This is why you need Anti-Ransomware for your IBM i system. Here’s a quick feature list of the product.

Features of iSecurity Anti-Ransomware

  • Identifies, delays, stops, and reports ransomware attacks in real time.
  • Incorporates the usage of honeypots (malware honeypots are sacrificial files) to distract and delay ransomware/malware from encrypting true company/production objects.
  • Based on a combination of methods which identify behavioral characteristics such as activity on objects, names, extensions, encryption status, and honeypots.
  • Can detect Zero-Day (unknown) ransomware variants based on other indications.
  • Classifies the dangers and determines the appropriate way to neutralize the problem based on the existing situation and the customer’s preferences.
  • Detection of ransomware is fast and accurate.
  • Disconnects the intruder and sends email, messages and Syslog messages to up to 3 SIEMs in CEF/LEEF formats.
  • Full log. Query generator with PDF, HTML, Zip & email.
  • Ransomware definitions are updated from the web every two hours.