CryptoStopper addresses the infection phase - Phase 2 - of a ransomware attack. Its functionality is very limited in that it detects encryption activity only on a network share. We believe this is not enough, for several reasons. First, we know that not all users save documents to share drives. For example, users who travel often keep working documents on their endpoint devices. Second, drafts are often kept on the endpoints, with the share drives used for sharing and archiving. Finally, there are users who never come into the office - home workers, telecommuters, etc. - who find access to share drives over the internet cumbersome, so they keep documents on their endpoint machines. None of these documents are protected from ransomware, especially given that the endpoint is the initial target of the ransomware.