Ransomware is a type of malware that has historically been designed to encrypt data and make systems that rely on it unusable. Malicious actors then demand ransom in exchange for decrypting the data. Since 2019, we saw a huge rise in the number of ransomware attacks, where many companies were faced with their IT infrastructure and data becoming encrypted and many got their data stolen by different ransomware groups. So many organizations worldwide have faced ransomware attacks, and looking at the statistics, the number of large organizations that have been impacted only seems to be rising.

1. Introduction Cubic-Crystal®™ Ransomware Monitoring and Blocking System is a defense system for encryption type ransomware. Unlike conventional static defense products based on feature codes, it features rich and comprehensive system-level behavioral monitoring as the engineering basis and accurate judgment of encryption operations as the theoretical support, realizes real-time monitoring and discovery of encryption-type ransomware, and possesses the linkage-based protection ability to block encryption ransomware behaviors in a timely manner when they occur.

1. Technical comparisons The design concept of Cubic-Crystal®™ Ransomware Monitoring and Blocking System is “Fighting ransomware with cryptography”, and its core realization principle is to determine whether there is any malicious file encryption behavior through the monitoring of the file system, which is an essential feature of ransomware and cannot be hidden or changed. The ransomware discrimination method used by antivirus systems is mainly feature recognition, which is triggered when features such as file fingerprints (hashes) and command fingerprints are determined.

1. LockBit ransomware LockBit ransomware first emerged in September 2019 and quickly became one of the most active and notorious threat groups ThreatLabz followed. The past year saw some significant developments, with two new versions of the ransomware. In June 2022, the group released LockBit 3.0 (a.k.a. LockBit Black, because it shares code with the defunct BlackMatter ransomware). In September 2022, the LockBit 3.0 builder was leaked. After the leak, several other ransomware groups including SchoolBoys and the Bl00dy ransomware gang used the builder to create and launch their own ransomware campaigns.

1. BlackCat/ALPHV ransomware The BlackCat group is a sophisticated RaaS operation, active since November 2021, known for using a variety of methods to infiltrate victim networks, including exploiting known vulnerabilities, phishing attacks, and social engineering. Once inside a network, BlackCat operators typically use a combination of tools and techniques to move laterally, escalate privileges, and exfiltrate data. The group then deploys its ransomware payload, which encrypts the victim’s files. BlackCat is implemented in the Rust programming language, which is efficient for file encryption and cross-platform compatibility.