End Ransomware.
Stop Data Exfiltration.
Welcome to ByteJams Ranger
Acts instantly and effectively against ransomware, data exfiltration and sophisticated attackers.
Screenshot: ByteJam Ranger (beta)

Providing outcomes that elevate the security posture of critical assets.

ByteJams Ranger is a brand new security product fighting the threats of today. Made by seasoned software engineers who have been working in the information security field for decades, having a rich experience in combating advanced threats such as bootkits, exploits and ransomware.

ByteJams Ranger protects vital assets from ransomware and data exfiltration, while natively generating detections and activity events based on the Open Cybersecurity Schema Framework (OCSF), enabling seamless integration with existing telemetry feeds. This makes Ranger an ideal sensor for Security Operations Centers (SOCs) and Managed Detection and Response (MDR) providers.

ByteJams Ranger empowers cybersecurity teams with the visibility and insights they need to stay ahead of evolving threats.

End Ransomware.
Despite a decade of security advances and AI innovations, ransomware continues to disrupt businesses worldwide. Our lightweight, on‑device ransomware protection works autonomously without relying on threat intelligence or AI, providing universal file protection with automatic recovery and securing both local and remote data against encryption attacks, regardless of file size or type.
Stop Data Exfiltration.
With double extortion now standard practice, attackers steal files before encrypting them. When the ransom is not paid, they publish your stolen data. Our autonomous, on‑device technology detects and automatically blocks data exfiltration without signatures or ongoing management, securing intellectual property and limiting breach impact even when attackers gain network access.
Unified Algorithm.
Today, over 90% of ransomware attacks originate from unmanaged or compromised devices (Microsoft). It is therfore crucial to prevent both local and remote ransomware attacks. Our patent‑pending technology not only prevents these ransomware threats but also detects data exfiltration, all with a single, unified algorithm.
Kernel or User Mode.
Microsoft's Windows Resiliency Initiative transitions security providers to user mode for greater stability. ByteJams Ranger gives customers the choice of deploying ransomware and data exfiltration protection in either kernel or user mode, showcasing ByteJams' adaptability to evolving security needs.

Ransomware Protection

  • Stop file encryption attacks instantly and automatically.
  • Deploy once and protect forever — no ongoing configuration needed.
  • Autonomous on‑device detection using a single, signature‑less algorithm — no cloud, sandbox, or decoys needed.
  • Automatic file recovery ensures no data loss — encrypted files are instantly restored.
  • Flexible deployment with choice of user‑mode or kernel‑mode protection based on your resiliency requirements.
  • Protects against both local and remote ransomware, including attacks originating from unmanaged or under-protected outdated machines.
Screenshot: Ransomware detected (beta)

Data Exfiltration Protection

  • Block unauthorized file exfiltration to any destination, including hidden archive transfers.
  • Preserve legitimate cloud storage sync while blocking unknown attacker‑controlled accounts.
  • Patent-pending on‑device algorithm operates without signatures or cloud reputation.
  • Outperforms traditional DLP (Data Loss Prevention) without the complexity of policies and maintenance.
  • Zero-touch deployment — no ongoing management required.
  • Flexible user‑mode or kernel‑mode deployment based on resiliency requirements.
Screenshot: Data Exfiltration detected (beta)

Security hardening

  • Strengthens Windows kernel architecture to prevent BYOVD attacks.
  • Autonomous on‑device protection without signatures or cloud dependencies.
  • Blocks vulnerable driver attacks through design — no reliance on blocklists.
  • Prevents kernel‑mode attacks that evade EDR tamper protection.
  • Enhance third-party tamper protection of solutions from CrowdStrike, Cylance, Microsoft Defender, SentinelOne, Sophos, and Sysmon.
  • No performance impact while maintaining full application compatibility.
Screenshot: Security Hardening (beta)

Presence verification

  • Hardware‑enforced authentication that strengthens Windows security architecture.
  • Physical security key validation independent of Windows Hello biometrics.
  • Autonomous on‑device protection without signatures, AI, or behavior monitoring.
  • Prevents remote adversaries from abusing compromised domain admin credentials.
  • Enhances UAC with hardware-backed authentication.
  • Compatible with industry‑standard FIDO U2F security keys for both workstations and domain environments.
  • Transparent to legitimate administrative workflows.
Screenshot: Precense Verification (beta)

Private Endpoint Detection and Response (EDR)

  • Typical EDR solutions send endpoint telemetry to an EDR platform in the cloud where it is correlated and analyzed. This means that this cloud has access to potential sensitive or confidential company information.
  • Private EDR leverages existing forensic information readily available on an endpoint for correlation and analysis. Reclaim your privacy and network bandwidth!
  • As shown in the screenshot, Private EDR can tap into third party tools like Sysmon to augment forensic information.
Screenshot: Hunting (beta)

Root Cause Analysis (RCA)

  • When Ranger triggers an alert you can view the alert and the events associated with it.
  • Unlike other solutions that record massive amount of information, the events shown in the RCA screenshot are gathered from various forensic sources readily available on an endpoint like NTFS USN records, Event Log information and Sysmon (if present).
Screenshot: Root Cause Analysis with associated events (beta)

Scan & Clean

Screenshot: Scanning interface (beta)

Graphical user interface

  • Ranger is a Windows application that has a user interface that is based on the Fluent Design System which matches that of Windows for seamless integration.
  • Supports dark and light mode.
Screenshot: Dark and light mode (beta)

Requirements

Operating system
(client) 		Windows 11
Windows 10
 
Operating system
(server) 		Windows Server 2025
Windows Server 2022
Windows Server 2019
Windows Server 2016
 
System type x64-based processor
x86-based processor
ARM64-based processor
 
Installation size 20 MB
 

Technical details

  • Ranger is a Win32 application written in C++17.
  • Ranger leverages DirectComposition, DirectManipulation and DirectAnimation so that the interface is rendered and animated beautifully.
  • Compiled using Visual Studio 2022 with DEP, Dynamic Base and Control Flow Guard flags enabled.

Open source libraries

  • Botan: Crypto and TLS for Modern C++
  • SQLite3 database engine
  • WebP image file format library
  • Zlib compression library
  • LZMA compression library

ByteJams B.V. (www.bytejams.com) is a Dutch cybersecurity startup revolutionizing Windows platform security. We strengthen your systems to be more robust and future-proof against human‑led attacks. Our proprietary OS hardening techniques and on‑device algorithms surpass traditional behavior‑based defenses and AI-based solutions. Drawing on decades of experience, ByteJams continuously raises the bar for superior security outcomes.

© 2025 ByteJams B.V. - All rights reserved