Announcing UpSight.ai ransomware protection for Windows Copilot+ PC powered by Snapdragon ARM64
Microsoft recently launched the Copilot+ PC formfactor to enable running bigger and more complex AI models directly on a PC while maintaining a long battery life on a lightweight device. These devices are powered by Qualcomm Snapdragon processors based around the ARM64 architecture. UpSight is pleased to announce that the UpSight.ai client now supports the ARM64 architecture including all Copilot+ PC models.
The UpSight.ai Anti ransomware client running on a Lenovo ARM64 based Copilot+ PC (which was delivered in plastic free packaging from Lenovo)
Thankfully Microsoft has reconsidered the implementation decisions around the controversial ‘Recall’ feature and has delayed its launch. UpSight will keep an eye on the replacement and work to ensure that regardless of how it ends up you can use it with confidence. Even without Recall in the picture, UpSight vigorously protects the many identities and credentials maintained on your PC from being stolen and then sold to an extortionist to inflict you with ransomware.
In our testing we found that most prevalent ransomware payloads such as BlackCat, BlackBasta, Lockbit, Conti all run on ARM64 and succeed in encrypting documents even when the ransomware payload itself is running as an X64 binary under emulation. The behaviors we observed are similar, but not entirely identical to those seen on X64. Many ransomware samples exhibit a degree of behavioral morphism and never execute exactly the same sequence of steps run to run and take some different paths on ARM64 entirely from when the same payload is run on X64.
BlackCat is a very impactful ransomware variant and you can see the behavioral differences using the same binary on X64 and ARM64 by comparing these two graphs in the UpSight.ai console
X64: console.upsightsecurity.net/graph?feedId=3d701f7b-2e2f-404d-8e09-7b21480600c8
ARM64: console.upsightsecurity.net/graph?feedId=ee8ac4e0-d185-493d-b5ea-ca3a4e754293
UpSight predicting, interdicting and evicting the BlackCat ransomware on a Copilot+ PC
Our UpSight.ai model is based around looking at the overall sentiment of the behavior to determine if the story being told is one of ransomware attack. As such our UpSight.ai model resilient to changes in runtime behavior and still able to effectively detect attacks before damage is done.
The UpSight.ai ARM64 client package runs as a native ARM64 executable and is functionally identical to our X64 client package. We intend to update both architectures simultaneously going forward in lock step.
You can gain access to UpSight.ai on your Copilot+ AI PC, or any other less exotic PC right now by clicking on the SignUp button. Signup is free and gives you immediate access to the UpSight.ai client for up to 5 PCs and access to the UpScan detonation sandbox. Registration just requires a Google or Microsoft account identity.
