Search our Knowledge Base for answers to frequently asked questions. If you don’t find what you’re looking for, get in touch and we’ll get started on a solution right away.
Search our Knowledge Base for answers to frequently asked questions. If you don’t find what you’re looking for, get in touch and we’ll get started on a solution right away.
Is installing RANSOMCARE a complex and time-consuming process?
RANSOMCARE is easy to implement on a current server/virtual server. Full implementation is normally done in less than 10 working hours for a company with 2500 AD users.
Is configuring RANSOMCARE a time-consuming process?
No – even in a large environment you can do it in a couple of hours; just follow the manual.
Okay – I have basis protection now. How can I get the full benefit from RANSOMCARE?
The account you are running RANSOMCARE from must have read access to the folders and files in the shares you want to monitor. RANSOMCARE requires file-information in order to provide you with a maximum alert level, including the shutdown feature.
How do I ensure that the legal traffic on my fileservers do not make false alarms?
You need to run the unique Artificial Intelligence module in RANSOMCARE. It will quickly learn your legal traffic and store the information so it won’t flag up again. It will also set the baseline in RANSOMCARE, and after a short while you will see the alerts decrease.
In case of an alert – what do I do?
RANSOMCARE will automatically isolate the infected user/Client by running the desired script (Powershell, BAT or SSH). As part of the implementation BullWall delivers sample scripts which can be changed and modified to support your organisations specific requirements. The RANSOMCARE admin or admin team will receive an alarm including info about the cause of the alarm, details about the infected Client/user and the alarm level. The RANSOMCARE admin is presented with an exhaustive recovery log of any files that must be recovered from the standard backup system in use.  If you respond to an attack by disabling the Client/User from AD under an attack, the admin can re-enable the Client/User in AD when it is safe to do so.
How can I get the alerts?
You can receive alerts via e-mail, SMS, a feed to a SIEM system or via the app, available on Apple and Android.
Is there an easy way to check if it works as supposed?
Yes – you can use CRYPTOTACK to simulate several Ransomware attacks. You can also do a simple test by renaming a file to a well-known Ransomware file extension. Look in the Known Bad files section and choose one of your own.An example could be *.fun from the Jigsaw Ransomware.
Are we fully protected using RANSOMCARE?
Based on three years of intensive research, we believe this product is as close as you can possibly get to being fully protected. But no serious security company can give you a 100% guarantee.
The known bad – is that not just another signature-based protection method?
Yes, however with signature-based detection we will recognise known Ransomware immediately. Without signature-based detection, we would still detect the Ransomware, but this will take a few extra milliseconds, where a signature-based detection is instant.
With so many other security systems on the market, why should I choose RANSOMCARE?
If you truly believe your other systems will protect you 100%, we’re not here to convince you otherwise. In our vast experience, though, we are yet to find another security system that offers what RANSOMCARE offers. When Ransomware penetrates your First Line of Defence– RANSOMCARE is your Last Line of Defence.