Ransomware Defeated


Ransom Data Guard

Ransom Data Guard is a disruptive solution to effectively solve ransomware threats for everyone from individuals to enterprises.  Recognize and repel ransomware attacks utilizing Ransom Data Guard’s combination of proprietary Active Cypher encryption orchestration, smart AI, and advanced endpoint protection.

Survive ransomware attacks 24-7 with your files safely restored to a cleaned or replaced device.  Protection starting at $120/yr.

Recognize & Remove

Automated AI-powered sensors recognize ransomware threats allowing Ransom Data Guard's proactive protection to block ransomware before it can attack your files.

Proactive Protection

Ransom Data Guard effectively shields clients from all permutations of ransomware attacks like WannaCry, RobbinHood, TeslaCrypt, Locky, Hidden Tear, Petya, Bad Rabbit, Gandcrab, Rakhni, Sodinokibi, and Rannoh.

Realtime Reporting

Ransom Data Guard notifies realtime IT administrators of probable threats and the actions it has already taken to quarantine and destroy malicious programs.

Easily Deployed

Ransom Data Guard deploys in minutes for individuals and SMBs. Enterprises can be up and running in an afternoon.

Industry-Level Compliance

Ransom Data Guard ensures compliance with multiple industry requirements.

No User Interaction

Ransom Data Guard provides immediate protection without any user interaction. Fully automated shielding.

Learn more about Active Cypher Ransom Data Guard.

Join the Waitlist

Get early access to Ransom Data Guard's disruptive solution.

Every 10 Seconds There Is A Ransomware Attack

The profitability of ransomware’s extortion has plagued individuals, businesses, and government agencies alike.  The best protection against this threat today is Active Cypher’s Ransom Data Guard which provides fully operational ransomware prevention upon installation, using encryption of the data at the file level and other proprietary methods that ensure that files are protected from a ransomware’s deployment.


Average hourly cost of downtime*


Number of 2019 Breaches**


of organizations were attacked over the past 3 years*

*IDC Report  **SonicWall

Microsoft Windows

Protects any Home, Education, or Professional Edition of Windows, connected to work environments, or not.


Protects data located in your Desktop, Downloads, Documents, Pictures, and Videos folders automatically, providing a safe operating environment for your data even during a ransomware breakout on your own machine.

Survival Mode

Data Guard Survival Mode provides recovery and continuity of your personal and professional life by allowing for the automatic and instantaneous recovery of all your protected files to a new, or “cleaned” machine from a USB drive, or Cloud account (like Dropbox, OneDrive).

Over 400 file types protected

Personal protection for your pictures, document, and videos including Office documents, Adobe files, compressed (zip) files, and over 400 file types.


Allows you to move between editions or devices (backup on Windows 10 Home Laptop, restore to Windows 10 Pro Workstation).

Customizable Protection

Data Loss Protection options include Microsoft Compliance Center Sensitivity Labels, AESQES, automated backups.

Learn more about Active Cypher Ransom Data Guard.

One of the most infamous ransomware variants

As its name suggests, WannaCry’s unfortunate success has led to much grief.  Starting in May 2017, WannaCry has infected over 300,000 computers in practically every country in the world by taking advantage of an unpatched Microsoft Windows vulnerability (MS17-010).  While a patch was released, some estimate millions of computers remain vulnerable.

EternalBlue, an exploit that was allegedly developed by the United States’ National Security Agency (NSA), was released publically by a group of hackers called the Shadow Brokers.  EternalBlue allowed WannaCry to spread rapidly, with DoublePulsar being the ‘backdoor’ installed on the infected computers.

The $2 billion ransomware

Discovered at the end of 2018, GandCrab is part of Ransomware-as-a-Service (RaaS) deployment and has quickly become a very commonly seen ransomware threat.  GandCrab is the first ransomware to demand payment in DASH cryptocurrency and while utilizing the “. bit” top level domain (TLD). This TLD is not sanctioned by ICANN and it therefore provides an extra level of secrecy to the attackers. GandCrab uses AES-256, RC4, and RSA-2048 encryption for encrypting AES keys, the victim’s data, and Network traffic data respectively.

Perhaps with a sick level of obnoxiousness, the developers of GandCrab boasted that they were shutting down their operations in January 2019 and retiring after their ransomware made a $2 billion in total, netting them $150 million personally.  The crooks behind GandCrab actively updated their RaaS, keeping up with new security patches.  Will GandCrab ever come out of retirement?

State-Sponsored Ransomware?

Sodinokibi is allegedly distributed by attackers affiliated with those that distributed the infamous GandCrab ransomware. Perhaps hinting to a level of state-sponsorship, Sodinokibi avoids infecting computers from Iran, Russia, and other countries that were formerly part of the USSR.  The ransomware uses an Elliptic Curve Integrated Encryption Scheme (ECIES) for key generation and exchange (Elliptic-curve Diffie-Hellman key exchange algorithm).

Sodinokibi uses AES and Salsa20 algorithms to encrypt session keys and user’s files respectively.  AES is also used to encrypt network data that is sent to the control server. The ransomware typically demands from the victim around 0.32806964 BTC (≈ $2,500) to regain access to the encrypted files.

No charity with this Robbinhood

Despite its name, RobbinHood ransomware is not stealing from the rich to give to the poor. Instead, the malicious code which is gaining popularity in the black hat worlds, targets enterprise and critical government infrastructure, feeding ransom to itself.  In 2019 alone, RobbinHood successfully attacked and received ransom payouts from the cities of Baltimore, Maryland, and Greenville, North Carolina.

Robbinhood’s ransom isn’t at all cheap.  Demands from the malicious actors can range from 3 Bitcoin for a single computer up to 13 Bitcoin for a organization’s network, which translates to tens of thousands of dollars.  Some cities have reportedly paid millions.

How does Ransom Data Guard protect against ransomware?

Ransom Data Guard takes a proactive approach to defending against ransomware by ensuring that malicious software is made harmless and automatically deleted.  Unlike other solutions, Ransom Data Guard does not require user interaction nor IT oversight.

What is ransomware?

Ransomware is a form of malware (trojan or other virus) utilized by malicious actors to extort money from individuals, businesses, and governments.  While many types of ransomware exist, a typical attack encrypts a victim’s data and displaying instructions how to pay a ransom payment – usually in the form of cryptocurrencies like Bitcoin.  Ransomware is not cheap and there is no guarantee for success in decryption.

In fact, while cybercriminals promise to provide a decryption key upon payment of the ransom – 40% of victims who pay unfortunately never regain access to their data.

How do I prevent ransomware?

Phishing attacks, in which a victim receives a legitmate looking email that tricks them to click a malicious link or open a infected attachment, are often used with disasterous success to spreading ransomware.

While many corporations and organizations have instituted countless hours of cybersecurity training, cybercriminals are often devising new manners to inject ransomware into networks.  Training unfortunately only goes so far.  In fact, a test of 1000 CIOs revealed, 32% clicked on a potentially malicious link.  The lapse of a single user can put an entire company at risk.

Conventional anti-virus software which look for previously classified types of ransomware cannot keep up with today’s ever-evolving threats.  Ransom Data Guard’s AI stands ahead of the pack, detecting ransomware attacks based on suspicious activities, preventing the malware from taking any malicious action, and automatically deleting it.

Who is behind ransomware attacks?

Ransomware has become an enormous business perpetrated by both organized crime and nation-state actors.

Organized criminals are motivated by extorting as much money as possible. Increasingly they distribute their malware as ransomware kits that anyone can use – even if they don’t have much technical expertise. The ransomware as a service (RaaS) model sadly has been very effective at spreading their malicious software. The criminals facilitate the payments and decryptions while taking a percentage of the collected ransom.

Nation-states have utilized ransomware as a means to both to a source of revenue and  a manner to disrupt the economic and governmental well-being of their rivals.  The large resources a nation-state has at its disposal to mount such attacks is especially perturbing.

How do I decrypt my files?

The majority of popular ransomware strains utilize such strong encryption that decrypting files is unfortunately not possible.  In limited cases, older ransomware families (Rakhni, Agent.iih, Aura, and a few others) have decryptor’s available.

With Ransom Data Guard, you don’t need to worry about ransomware even taking a hold in your computer, let alone encrypting your data.  Protection is automated and far-reaching.  Ransomware is deflected.

We take pride in our partnership with Microsoft, a leader in security automation and intelligence.  Active Cypher leverages many of Microsoft’s tools, providing enhanced security.