No ransomware on servers: new Anti-Cryptor technology

Cryptomalware can infiltrate and encrypt an entire network – including its backups – within minutes.

Kaspersky Lab has unveiled a new version of the Kaspersky Security for Windows Server application, developed specifically for high-performance corporate servers. It is enhanced with new Anti-Cryptor technology, which could land this particular release among the year’s most important.

Cryptors, ransomware, cryptomalware – three different names for today’s cybersecurity scourge. Prevention and self-protection algorithms are well known: “cold” backup, antiphishing tools, signature malware blocking, and sandboxing. However, it always looks as though ransomware hits out of the blue. As Andrey Pozhogin mentioned last week, cybersecurity-related forums are abuzz with discussions of how to deal with cryptors.

For instance, the first page of Reddit’s /r/netsec section carries links to news regarding Petya ransomware (which was cracked a couple of days ago) and PowerWare, yet another cryptor apparently derived from PoshCoder cryptomalware. There are at least five more ransomware-related threads in the /r/Malware section. Some of the issues have been successfully resolved, but just a few. The rest are not that fortunate. There are even cases where the ransom was paid and the decryption keys were acquired from the criminals, but those keys didn’t work.

Cryptomalware can infiltrate and encrypt an entire network – including its backups – within minutes. In fact, everything within the corporate network requires technical means to prevent ransomware from encrypting data, but file servers are the “weakest spot” in the sense that, if they are attacked by ransomware, businesses experience heavy interruption, up to and including the termination of all processes.

The new version of Kaspersky Security for Windows Server contains a number of protective technologies aimed at preventing malware from launching and spreading.

The solution identifies and scans critical areas of a business’s corporate servers for malware, helping to strengthen those areas of the operating system that are most exposed to infection.

For example, scanning Autorun files can help prevent malware from launching during system startup. Any hidden processes are also exposed.


To help protect businesses from unknown and advanced threats, Kaspersky Security for Windows Server includes Application Startup Control: using configured rules, IT staff can allow or block the startup of executable files, scripts, and installation packages, or the loading of program modules onto servers.

Then there is Anti-Cryptor technology based on Kaspersky Lab’s own algorithm: behaviour analysis is used here to detect and protect shared folders from encryption activity.

And if, for some reason, this encryption starts, there is a malicious host blocker: if any malicious activity is detected through Real-Time File Protection or Anti-Cryptor activities, access to shared network folders is immediately restricted to a secure server, protecting files from damage by any malicious third parties.

Kaspersky Security for Windows Server is available as part of Kaspersky Security for File Server, Kaspersky Endpoint Security for Business, and Kaspersky Security for Storage.