Kaspersky Cryptomalware Countermeasures Overview

This document is a technical guide detailing the Kaspersky Cryptomalware Countermeasures Subsystem, developed to protect user data from cryptomalware threats. It outlines the increasing prevalence of cryptomalware, particularly ransomware, which encrypts user files and demands payment for decryption. The guide explains the evolution of cryptomalware, highlighting the transition from symmetric-key algorithms to more complex public-key cryptography methods, exemplified by the Cryptolocker Trojan. The document describes how Kaspersky's System Watcher module operates by monitoring system events and creating local backups of files when suspicious activity is detected. If malicious activity is confirmed, the System Watcher rolls back any unauthorized changes, ensuring user data remains protected. The guide emphasizes that traditional backup methods may not suffice, as they do not protect recently modified files. The Kaspersky Cryptomalware Countermeasures Subsystem is integrated into various Kaspersky products for both home users and businesses, providing a proactive approach to safeguarding against evolving cryptomalware threats.