3 Steps to Prevent Ransomware


1) File State Detection: You must do “File State Detection” (FSD)… (identify whether a file is in a good, bad or unknown state)

2) Virtualize Unknown: For all unknowns you find during FSD, run them with hard drive, registry and COM virtualization on. (Malware can only be inside unknown files, and now they are all virtualized and can’t touch the real stuff.)

3) Verdict Unknown while in Virtualization: what you find… (analyze the unknown files while they are virtualized)

Imagine how we find criminals… we first figure out which vicinity or building they are hiding in… this is the File State Detection step… it allows us to focus only on the unknown executable files… it’s like finding the building the criminals are hiding in… malware/ransomware will be an “unknown executable” file.

Once we have identified these unknown files… we say, hang on a minute… we don’t know you… so we will be cautious and run you in a virtualized environment so that you can’t do any damage… so we turn the virtualization on to virtualize the hard drive, registry and COM interface. This pretty much guarantees that the unknown file running in virtualization cannot change or modify any of the files you have on the hard drive or in the registry… and can’t communicate via the COM interface with other legit applications…

Then we send this file to our Valkyrie… to determine what that code really does… a thorough colonoscopy and open heart surgery later, we know exactly what this file does, and it gets a verdict on whether it’s a good file or a bad file… If it turns out to be a bad file… Valkyrie will issue a death warrant and the file will be killed inside virtualization… if it’s good, Valkyrie will show mercy and the file won’t be virtualized next time it’s run…

But what if this unknown file is a good file? No problem, it will still operate without the user even noticing, as it’s still running virtualized, and next time it won’t run inside virtualization…
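The three steps as a small decision flow, written as an added example and not code from this post or from the product it describes. It assumes File State Detection is a SHA-256 lookup against known-good and known-bad lists and that the verdict arrives as a yes/no from an external analysis; the class, method names and sample byte strings are hypothetical.

```python
import hashlib
from enum import Enum

class State(Enum):
    GOOD = "good"
    BAD = "bad"
    UNKNOWN = "unknown"

class Action(Enum):
    RUN_NORMAL = "run normally"
    RUN_VIRTUALIZED = "run with hard drive, registry and COM virtualization"
    BLOCK = "block"

class FilePolicy:
    """Hypothetical policy engine; hash lists stand in for File State Detection."""
    def __init__(self, known_good=(), known_bad=()):
        self.good, self.bad = set(known_good), set(known_bad)

    @staticmethod
    def digest(content: bytes) -> str:
        return hashlib.sha256(content).hexdigest()

    def state(self, content: bytes) -> State:            # step 1: FSD
        h = self.digest(content)
        if h in self.bad:                                 # bad wins if listed twice
            return State.BAD
        return State.GOOD if h in self.good else State.UNKNOWN

    def on_execute(self, content: bytes) -> Action:      # step 2: virtualize unknown
        return {State.GOOD: Action.RUN_NORMAL, State.BAD: Action.BLOCK,
                State.UNKNOWN: Action.RUN_VIRTUALIZED}[self.state(content)]

    def record_verdict(self, content: bytes, malicious: bool) -> None:  # step 3
        h = self.digest(content)
        (self.bad if malicious else self.good).add(h)
        (self.good if malicious else self.bad).discard(h)

def demo():
    office, tool, dropper = b"signed-office-app", b"new-vendor-tool", b"unseen-dropper"  # constructed samples
    policy = FilePolicy(known_good=[FilePolicy.digest(office)])
    first = [policy.on_execute(f) for f in (office, tool, dropper)]
    policy.record_verdict(tool, malicious=False)      # good verdict: trusted next run
    policy.record_verdict(dropper, malicious=True)    # bad verdict: blocked next run
    second = [policy.on_execute(f) for f in (tool, dropper)]
    # A known-good file changed by one byte has a new hash, so it is unknown again.
    tampered = policy.on_execute(office + b"\x00")
    return first, second, tampered

if __name__ == "__main__":
    for step in demo():
        print(step)
```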