...

Despite the very large number of ransomware and extortion-themed software samples, these samples can be categorized by behavior into a relatively small number of sets.

On the surface, though, the “skin-deep” defenses used by a variety of security tools have a very large number of extortion tools to try to counter. It is important to understand that our behavioral analytics run much deeper into the attacker tools and tradecraft, dramatically reducing the need for some type of (impossible) exhaustive testing of all possible malware at all times.

The Cyber Crucible developers categorize the kernel-level memory, process, and file behaviors of an extortion tool, then ensure it fits into one of the known defensive capabilities. Occasionally, similar to a vaccine, the formula can be tailored slightly to produce a more accurate response.

...