There was a time where Cyber Crucible software was not stopping ransomware encryption pre-encryption. Instead was collecting possible encryption keys or settings, then using a variety of techniques to figure out the proper decryption package (keys included) to decrypt after a ransomware attack.
From the standpoint of what we collected, a good analogy might be a video camera that would take pictures of everything that might be a key to a locker. Then, a server would work out the various math to determine the proper key and settings for the proper file. Computer scientists would call this machine learning.
Before we moved on from the old “collect anything that might be a key” software model, we were organizing thousands of keys and encryption settings per machine automatically in attacks.
The cryptographic analysis software module has now evolved in an additional behavioral analytic module which is used as one data source to determine if software is trying to improperly access identity data or “data data” to steal or encrypt.