Anti-Ransomware

Ransomware is malicious software (malware) that uses encryption to hold a victim’s information for ransom. In a ransomware attack, the victim’s data is encrypted so that it can no longer be accessed, and the attacker demands a ransom payment in return for decrypting the files.

How Powertech Antivirus Prevents Ransomware Attacks

Powertech Antivirus prevents ransomware attacks by detecting potential attacks and alerting on them, and it can also be configured to take action automatically when an attack is detected.

Powertech Antivirus helps protect against ransomware attacks in two ways:

  1. The APEX (Access Pattern and Encryption Activity eXtended) detection method evaluates patterns in NetServer access to the Integrated File System (IFS). When APEX detects suspicious encryption activity, this suspicion level is compared to two thresholds:

     • a Message Threshold, which defines when a warning message is sent to the Powertech Antivirus message queue; and

     • a Block Threshold, which defines when the accessing user is blocked.

  2. Canary files can be defined. A canary file is a decoy file placed within the IFS by the system administrator. If a user attempts to modify, rename or delete a canary file, the user will be blocked immediately.

IMPORTANT: Anti-ransomware functionality is only available on IBM i Endpoints.
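
The two-threshold and canary decision flow described above, sketched as an added example that is not Powertech Antivirus code. The entropy-based suspicion score, the function names, the threshold values and all users, paths and payloads are assumptions made for illustration; this page does not describe how APEX actually scores activity.

```python
import math
from collections import Counter, defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; well-encrypted output approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def evaluate(events, canaries, message_threshold, block_threshold, cutoff=7.0):
    """Return {user: [actions]} for (user, op, path, data) events, in order.

    Assumed scoring, not APEX's: +1 suspicion per high-entropy write.
    """
    suspicion, actions, blocked = defaultdict(int), defaultdict(list), set()
    for user, op, path, data in events:
        if user in blocked:
            continue  # a blocked user's later requests never reach the files
        if path in canaries and op in {"write", "rename", "delete"}:
            blocked.add(user)  # canary touch: block immediately, no scoring
            actions[user].append("BLOCK (canary)")
        elif op == "write" and shannon_entropy(data) > cutoff:
            suspicion[user] += 1
            if suspicion[user] >= block_threshold:
                blocked.add(user)
                actions[user].append("BLOCK (threshold)")
            elif suspicion[user] == message_threshold:
                actions[user].append("MESSAGE")
    return dict(actions)

# Constructed sample data: paths, users and payloads are illustrative only.
TEXT = b"quarterly report " * 50      # low entropy, ordinary document
CIPHER = bytes(range(256)) * 4        # 8.0 bits/byte, stands in for ciphertext
CANARIES = {"/shared/000_canary.docx"}
EVENTS = [
    ("alice", "write", "/shared/notes.txt", TEXT),
    ("carol", "write", "/shared/a.xlsx", CIPHER),
    ("carol", "write", "/shared/b.xlsx", CIPHER),
    ("bob", "rename", "/shared/000_canary.docx", b""),
    ("carol", "write", "/shared/c.xlsx", CIPHER),
    ("carol", "write", "/shared/d.xlsx", CIPHER),
]

def demo():
    return evaluate(EVENTS, CANARIES, message_threshold=2, block_threshold=3)

if __name__ == "__main__":
    for user, acts in demo().items():
        print(user, acts)
```

In this model the gap between the two thresholds is the window in which an administrator sees a warning before the user is blocked, while a canary touch skips scoring entirely.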