For the last several years, ransomware has grown into an industry with plenty of malware families, dedicated criminal gangs and attacks-as-a-service. In Q2 2021 alone, 3,905 new ransomware modifications appeared in the wild, while 97,451 users were attacked globally, about 6.000 more than in the previous quarter, according to Kaspersky’s research. When getting to a system, such an attack spreads quickly from one machine to another, while the remediation and restoring files may last days or even weeks. To avoid such a painful and costly consequence, businesses should use a reliable and proven cybersecurity solution that can detect malicious activity and roll back the encryption.
AV-TEST examined 11 endpoint protection platforms for three scenarios: real-world ransomware attacks on user files stored in a local system, real-world ransomware attacks on user files located in a remote shared folder, and Proof of Concept of ransomware attacks on user files on a local system. During the test, the products were expected to detect ransomware activity and its files, block it, roll back any user files changes and eliminate the threat from the targeted system. The test included 21 ransomware families such as REvil, Ryuk, Conti, Lockbit, pysa, Ragnarlocker, Ransomexx and others, as well as 14 PoCs.
Kaspersky Endpoint Security Cloud completely blocked 100% of attacks in all three scenarios with no single user file being encrypted, and threats were eliminated from the protected system. Kaspersky Endpoint Security Cloud scored the highest protection rate across all products tested, proving its value for businesses against this type of attack. It was able to protect business data in an employee’s desktop if it is attacked and in shared folders if they are compromised by existing ransomware families but also samples specially designed for the test. The latter, however, includes various real encryption techniques used by adversaries.
Ransomware protection from different products. “Completely blocked” means that ransomware was detected, and all user files were protected. “Partially blocked” means that ransomware was detected, but some user files were lost (not protected).
“Kaspersky offered a high level of protection against all ransomware attacks in our tests. It clearly outperformed the other reviewed products. Regardless of whether we're speaking about Revil or Ryuk or Conti – none of them was effective and able to perform the malicious actions when Kaspersky was protecting the system,” says Andreas Marx, CEO, AV-TEST.
“Although ransomware can really switch off a business for some time and it can be very hard and expensive to restore the data, protection from it doesn’t demand sophisticated measures or huge investment. Following simple rules such as backing up data and educating employees to not open phishing emails, together with a good endpoint security product should work just as well. It’s great to see the results of AV-TEST proving that Kaspersky endpoint protection platform can be such a safe option and guarantee absolute protection against ransomware,” comments Andrey Dankevich, Senior Product Marketing Manager at Kaspersky.
The full report, “Advanced Endpoint Protection: Ransomware Protection Test”, requested by Kaspersky and performed by AV-TEST GmbH, can be found here.
For more information about Kaspersky Endpoint Security Cloud, please visit its product page here.