SecurityBrief US - Technology news for CISOs & cybersecurity decision-makers
CTERA ransomware tool aces independent lab testing

Thu, 8th Jan 2026

Data management company CTERA has reported that its ransomware detection feature, Ransom Protect, identified and blocked simulated attacks from eight major ransomware families in independent laboratory tests.

The tests formed part of an evaluation of the CTERA Cyber Protection Data Service. They covered strains including REvil and LockBit and assessed both detection speed and the extent of file encryption during an attack.

SYNERGY7's Cybersecurity Lab, which is supported by Dell Technologies, carried out the evaluation. The lab used the Govdocs1 dataset and ran real-world ransomware simulations across a full attack chain from initial compromise to attempted encryption and data exfiltration.

Each ransomware sample ran twice. The first run measured whether CTERA detected the activity without enabling active blocking. The second run measured the effect of the service's mitigation feature, which aims to contain damage by limiting file encryption and cutting off the attack.

Detection results

CTERA said the evaluation recorded a 100 per cent detection rate across all ransomware families tested. The feature identified every attack before encryption could complete across the dataset.

The mitigation function blocked attacks with a median response time of 24.5 seconds. That figure reflects the time between the onset of malicious encryption activity and the point at which the system stopped the process.

The report described a marked difference in data impact when mitigation was active. With the feature disabled, ransomware runs resulted in full dataset encryption. With mitigation enabled, the attacks led to less than 10 per cent of files being encrypted, with a median of 2.28 per cent of files affected.

The lab simulated complete attack chains rather than isolated encryption events. These covered stages such as initial compromise, lateral movement and attempts to exfiltrate data.

Independent testing

The evaluation addressed a longstanding concern among security buyers about the gap between vendor claims and verifiable performance under live conditions.

"One of the most significant challenges in cybersecurity is the validation gap. While vendors make bold claims about ransomware protection, customers are rightly hesitant to unleash actual ransomware within their own environments to verify them," said Harel Ram, CEO, Synergy7. "Our mission is to bridge that gap with rigorous, independent testing that replicates the sophisticated attacks enterprises now face. CTERA Ransom Protect demonstrated remarkable resilience in our labs, consistently detecting and neutralizing advanced threats within seconds. These results provide customers with objective, real-world proof they need to be confident in their data's security without exposing their own systems to risk."

CTERA positions Ransom Protect as an AI-driven ransomware prevention feature that focuses on the behaviour of data rather than solely on perimeter defences or recovery processes.

The company said the system automates threat detection in real time. Then it initiates response actions that seek to interrupt encryption and restrict propagation across files.

CTERA described this as a shift away from a recovery-first model. Traditional recovery processes often rely on restoring from backups after an attack has run its course and encrypted large volumes of data.

Oded Nagel, CEO at CTERA, said the test results provide external confirmation of the firm's approach.

"This validation from Synergy7 highlights the power of our AI-driven, data-centric approach to security," said Oded Nagel, CEO, CTERA. "Instead of relying solely on reactive recovery, CTERA Ransom Protect automates threat detection and response in real-time. This shifts the paradigm from lengthy, costly post-attack cleanups to proactive prevention, safeguarding data integrity and dramatically reducing the operational burden on security teams."

Platform strategy

Ransom Protect sits within CTERA Cyber Protection. This is one of several data services that run on the CTERA Intelligent Data Platform.

The broader platform targets organisations that want centralised management across storage, backup and security functions. It links cyber protection with other data services under a single framework.

CTERA describes itself as a provider in the integrated data intelligence market. It says its platform is built around security, scale and integration across enterprise environments.

The company promotes the alignment of data management with business continuity and operational planning. It emphasises turning stored data into information that can inform decisions and planning.

CTERA said it expects interest in independent validation of cyber products to increase as ransomware groups continue to develop new techniques and attack paths.
