Ransomware has been all over the news since 2015. You’d think we would all know how to deal with it and the craze would be dying out. Well, there’s a lot more money and a lot less effort involved in holding critical files hostage. Ransomware generated an incredible $1.2 billion for criminals in 2017. It is a booming industry, and ransomware-as-a-service has become a real thing. Ransomware has a low-cost structure that makes it very profitable. The victim sends money directly to the attacker, which funds even more sophisticated versions of ransomware, which in turn can be devastating to anyone caught unprepared.

If that doesn’t scare you, it probably should. Ransomware families are even more varied than the attack vectors they can exploit. Even well-defended networks and systems can potentially fall victim. The trick to surviving a ransomware attack is to stop the infection from spreading straight away. You need to make it so difficult to infect your business with the criminal’s software that they have no choice but to go after someone else.

Why do you need a Last Line of Defence Technology?
All major analysts now assume that at some point ransomware will hit your organisation via a supply chain attack, a vendor with tainted software, the cloud, or simply by being missed by your current defences when it exploits a new vulnerability or uses a new technique not seen before. No first-line-of-defence vendor has ever detected 100% of threats, nor will one ever do so, and history is proof of that. Moreover, the ever-increasing uptick in new malware means that the intervals between successful malware breaches of companies are rapidly coming down, and therefore you need an insurance policy. You can liken it to having a fire extinguisher in your data centre in case of a fire.

RANSOMCARE is a Last Line of Defence technology, specifically designed for when ransomware has bypassed your first line of defence and is aggressively encrypting your files. RANSOMCARE is designed to stop the 0.1 – 1% of threats that get through your perimeter and endpoint protection, and to eliminate the threat before it causes massive interruption, stops production and results in very high downtime costs.

RANSOMCARE is different in that we investigate your existing files directly, as opposed to looking at what threats are coming in from the outside. Because we look directly at existing files, we can quickly determine if any encryption is happening on the file itself. This is the earliest warning you can get of an ongoing ransomware attack.

How Does it Work?
RANSOMCARE monitors all your fileshares without the use of agents on endpoints or servers. It keeps monitoring until the day a ransomware or brute force attack starts encrypting your fileshares and fileservers. Within seconds of detecting an illegitimate encryption process, it kicks into action and protects your crown jewels by:

  • Identifying “patient zero” immediately.

  • Shutting down the device, blocking the user in AD, shutting down a Citrix session or Citrix server, or even dropping a VPN connection to an office in another country.

  • Blocking and mitigating further spread and blocking other elements of danger.

  • Telling you who initiated the attack and exactly which files were touched (encrypted).

  • Automating your GDPR reporting (where necessary), whether for a minor incident or a data breach.

  • Giving you a dashboard that shows exactly what is happening on all your fileshares every time an employee creates, deletes, renames or changes a file.

  • Adding no network or performance overhead.

Check out the video below to see how a ransomware attack is detected and isolated, and how recovery reporting is made hassle-free with RANSOMCARE.