This service identifies typical ransomware behaviours such as file ciphering. Differently from signature-based anti-malware, this service is able to identify also malware whose signature is not available yet. The service performs a static analysis exploiting information on the frequency of OpCode extracted from the code of the analyzed application.