
Encryption Disruption
Blocking encryption via PowerShell and WMIC
Encryption Disruption actively interrupts encryption processes in real time using kernel-level hooking. The system monitors cryptographic API calls (CryptoAPI, BCrypt, OpenSSL) and blocks suspicious usage patterns. Special protection against LOLBAS (Living Off the Land Binaries and Scripts) techniques detects malicious use of PowerShell, WMIC, certutil, and other system tools.
- Enterprise-grade protection compliant with regulatory requirements and security standards
- Fast deployment with minimal resource overhead
- Dedicated support from a certified partner
- Easy integration with your existing infrastructure
Key features
- Hooking of CryptoAPI, BCrypt, and OpenSSL cryptographic APIs in kernel mode
- Blocking of more than 150 LOLBAS techniques in PowerShell, WMIC, certutil, and mshta
- Isolation of encrypting processes while maintaining system continuity
- Automatic stop and rollback of operations after anomaly detection
- Whitelist for legitimate encryption processes (backup, VPN)
Business benefits
- Stopping the attack within 100 ms of encryption starting
- Limiting encryption scope to less than 0.1% of files
- Protection of critical data without interrupting user work
- No need for manual intervention thanks to automatic remediation
- Preservation of forensic evidence for post-incident analysis

Why Halcyon?
The world's first platform dedicated exclusively to ransomware protection. Halcyon uses advanced behavioral detection techniques to block encryption in real time, and in the event of an attack, enables automatic recovery of encrypted files without paying a ransom.
Need Encryption Disruption in your organization?
As a certified Halcyon partner, we'll help you deploy and configure the solution.