%201.png){kind=avatar}
As a company's security investment increases, we do see an almost linear progression from IT team, to security team, to security automation affecting file corruption. That is, assuming the ransomware was caught to begin with; again, no stopping the ransomware, means no file corruption. Instead of stating there is more or less file corruption, it is best to just say it is more unpredictable, aka, "messy", as a company's capabilities increase. It really comes down to the positioning and capabilities of the attackers and defenders, and how they line up. The dynamic is such that, the amount of file corruption, assuming you catch them, is up to the maturity and effort of the ransomware attacker, not the defender.
We spent quite a few late nights devising a solution in which does not corrupt files. This is true whether fully automated millisecond automation is not turned on (in which normally there are 0 files encrypted), or the admin configures our tool to require a user to approve response (normally some files will be encrypted, since human response is much slower than automated machine response).
However, for folks who are not Ransomware Rewind customers, we predict that file corruption will increase.
Looking to prevent downtime with ransomware, including file corruption? Check out this demo video we made. Got a sample of ransomware you want us to test? We love doing demos!
