Acronis Cyber Protect Cloud excels in AV-TEST’s Advanced Threat Protection evaluation

In an era where cyberthreats are growing more sophisticated, security solutions must evolve to stay ahead of attackers. Ransomware and information stealers remain among the most dangerous threats, targeting businesses and individuals alike. To assess the effectiveness of modern cybersecurity solutions, AV-TEST regularly conducts Advanced Threat Protection (ATP) tests. The most recent of these tests was performed in December 2024 that evaluated 26 security products (11 consumer and 15 corporate) against cutting-edge attack techniques. Acronis Cyber Protect Cloud participated in the corporate test, and with a perfect score, solidified its position as a leading security solution. This result was identical to AV-TEST’s August 2024 round of tests, where Acronis Cyber Protect Cloud achieved a perfect score and received a “Top Product” badge.

Understanding the AV-TEST methodology

The AV-TEST ATP evaluation is designed to measure how well security solutions can detect and neutralize sophisticated cyberattacks in real-world conditions. Unlike traditional malware detection tests, ATP testing simulates advanced attack scenarios that often bypass conventional, signature-based security measures.

For this assessment, AV-TEST constructed two primary attack scenarios:

1. Ransomware attacks: These tests simulated modern ransomware operations, in which attackers encrypt victims' data and demand a ransom payment for decryption.
2. Information stealers: This category included malware designed to extract sensitive user data such as login credentials, financial information and personal documents.

The security products were exposed to five ransomware and five information stealer attacks, utilizing realistic infection chains. The test examined not only whether the threats were detected, but also whether they were neutralized before causing harm. The solutions were required to prevent payload execution entirely or at least stop the attack before system compromise.

For ransomware, the evaluation consists of three key defensive steps, while infostealers require four. A security product can earn either a full or half point for each step successfully blocked. The maximum score for ransomware protection is three points per step, assessed across five different samples, totaling 15 points. For infostealers, the highest possible score is four points per step, also evaluated across five samples, for a maximum of 20 points. This results in an overall protection score of up to 35 points. Partial success in a defense step results in only half a point or none at all. 

Attack techniques used

AV-TEST specialists chose a few popular attack techniques for this test.

• Memory-mapped file I/O: This technique provides an alternative way to access data by handling file operations through memory rather than direct disk writes. Ransomware can use this approach to encrypt cached files without triggering disk activity monitoring tools. Similarly, infostealers can use it to read and exfiltrate files without leaving traditional disk access traces.
• Command line and PPID spoofing: These techniques allow malware to evade detection by masquerading as legitimate processes. Command line spoofing manipulates the arguments passed to malicious commands, while PPID (parent process ID) spoofing makes a process appear as if it was launched by a trusted application. These methods complicate security monitoring by obscuring the true origin of malicious activities. In the tests, PowerShell instances were used to execute isolated tasks, with fake PPIDs and altered command lines to simulate real-world evasion tactics.

Acronis Cyber Protect Cloud: Outstanding performance

Acronis Cyber Protect Cloud stood out among the 15 tested corporate solutions by successfully blocking all tested ransomware and information stealer threats. The solution demonstrated an exceptional ability to detect and stop attacks in real time, preventing any damage to the test systems. As a result, Acronis Cyber Protect Cloud successfully detected and neutralized all 10 attack scenarios without allowing system compromise, demonstrating a 100% detection rate. Unlike many traditional security products that rely heavily on signature-based detection, Acronis Cyber Protect Cloud integrates several detection engines, including behavioral,  AI-driven analysis and cloud-based detections, which enhances its ability to detect zero-day threats and evolving attack techniques. This approach proved invaluable in the ATP evaluation, as Acronis effectively countered attacks that bypassed conventional security mechanisms.

Why these results matter

The significance of this achievement cannot be overstated. Modern cyberthreats are increasingly evasive, leveraging techniques like obfuscation, fileless attacks and lateral movement within networks. Many traditional security solutions struggle to keep up, allowing attackers to infiltrate systems undetected.

Acronis’s ATP test performance confirms its capability to provide comprehensive, real-time protection against advanced threats, ensuring that businesses and individuals can operate securely without fear of data loss or system compromise.

The latest AV-TEST evaluation underscores Acronis Cyber Protect Cloud’s ability to defend against some of the most dangerous cyberthreats today. By successfully blocking 100% of ransomware and information stealer attacks, Acronis has demonstrated its commitment to providing industry-leading security.

Organizations seeking a proactive, AI-driven security solution that can handle modern attack techniques should consider Acronis Cyber Protect Cloud. As cyberthreats continue to evolve and become more threatening, Acronis remains at the forefront, ensuring businesses and individuals are protected against even the most sophisticated cyberattacks.