CTERA says independent tests show its AI-powered detection finds ransomware attacks before encryption is completed.
The company provides cloud-based distributed file services based on a central object storage system, either on-premises or in the public cloud. This enables geo-distributed users to access shared and synchronized unstructured data. It provides a Ransom Protect facility, which uses machine learning models to look for odd user and application actions, like a spike in encrypted writes, and applies preventative measures to stop attacks completing.
CTERA CEO Oded Nagel said: “Instead of relying solely on reactive recovery, CTERA Ransom Protect automates threat detection and response in real time. This shifts the paradigm from lengthy, costly post-attack cleanups to proactive prevention.”
The testing by the Israel-based Synergy7 Cybersecurity Lab measured detection and mitigation performance under real-world ransomware attack simulations. It used the Govdocs1 dataset and tested across eight major ransomware families, including REvil and LockBit. The tests completed a full attack chain evaluation, from initial compromise to attempted encryption and data exfiltration, to ensure real-world relevance.
Each attack was executed twice: once to measure pure detection capability without active blocking, and once with the ransomware mitigation feature enabled, limiting the encryption and stopping the attack.
According to Synergy7’s report, all eight ransomware families were successfully detected by CTERA’s software before completing encryption. The median time to block attacks was 24.5 seconds. With the mitigation feature enabled, attacks resulted in less than 10 percent file encryption, with a median of 2.28 percent of files affected. The dataset was fully encrypted when the mitigation feature was disabled.
Synergy7 CEO Harel Ram said: “One of the most significant challenges in cybersecurity is the validation gap. While vendors make bold claims about ransomware protection, customers are rightly hesitant to unleash actual ransomware within their own environments to verify them. Our mission is to bridge that gap with rigorous, independent testing that replicates the sophisticated attacks enterprises now face.”
View the full report here.
