The why, the how and the what for RansomCare
Ransomware has been all over the news since 2015. You’d think we would all know how to deal with it and the craze would be dying out. Well, there’s a lot more money – and a lot less effort – involved in holding critical files hostage. Ransomware generated an incredible $1.2billion for criminals in 2017 and is a booming industry and ransomware-as-a-service has become a real thing. Ransomware has a low-cost structure that makes it very profitable, and the victim directly sends the attacker money, which funds even more sophisticated versions of Ransomware, which in turn can be devastating to anyone caught unprepared.
If that doesn’t scare you, it probably should. The different types of Ransomware families are even more varied than the number of attack vectors they can exploit. Even well defended networks and systems can potentially fall victim. The trick to surviving a Ransomware attack is to prevent the infection from spreading immediately. You need to make it so difficult to infect your business with the criminal’s software that they have no choice but to go after someone else.
The Why – For C-level budget holders and directors – want to read about strategy and motivation
RANSOMCARE stops unfolding ransomware attacks that has passed your perimeter protection and other first line of defence solutions. All major analyst now assumes that at some point Ransomware will hit your organisation via a supply chain attack, a vendor with tainted software, via cloud, or simply by being missed by your current defences when exploiting a new vulnerability or using new technique not seen before. No first line of defence vendor ever has, nor will they ever detect 100% of threats, and history is proof of that. However, the ever-increasing uptick in new malware means that the intervals for malware successfully breaching companies are rapidly coming down, and this is why you need an insurance policy – You can liken it to having a fire extinguisher in your data centre in case of a fire. Video
RANSOMCARE is Last Line of Defence – a technology specifically designed for when a Ransomware has bypassed your first line of defence and is aggressively encrypting your files. RANSOMCARE is designed to stop the 0.1 – 1% of threats that gets through your perimeter and endpoint protection and eliminates the threat before it causes massive interruption, stops production and results in very high downtime costs.
The How – The IT Managers – want to read about tactics and the difference between solutions
RANSOMCARE is different in that we look into your existing files directly, as opposed to looking at what threats are coming in from the outside. Because we look directly at existing files we can quickly determine if any encryption is happening on the file itself. This is the earliest warning you can get of an ongoing Ransomware attack
RANSOMCARE is installed on a single virtual server and are an agentless solution – no agent required on endpoints, no agents required on fileservers/storage platform and no agents for Azure, AWS, EC2. The result is – NO Network Overhead or Performance Issues – we only listen to your existing broadcast notifications via SMB 1,2,3 or 3.1 and CIF, no write access to storage platform
The What – For administrators/specialists – that want to know about the operational aspects
RANSOMCARE detects and responds immediately to a live Ransomware attack when all other security tools have failed. RANSOMCARE monitors all you fileshares without the use of agents on endpoints or servers – it monitors until the day a Ransomware, or brute force attack starts encrypting your fileshares and fileservers and within seconds of detecting an illegitimate encryption process it kicks into action and protects your crown jewels by:
- Identifying “patient zero” immediately.
- Shutting down the device, blocking the user in AD, shut down a Citrix session or Citrix server or even drop a VPN connection to an office in another country.
- Blocks and mitigates further spread and block other elements of danger.
- Tells you who initiated attack and exactly which files where touched (encrypted).
- Automates your GDPR Reporting (where necessary) whether a minor incident or a data breach.
- Gives you a dashboard that shows exactly what is happening on all your fileshares every time an employee creates, deletes,
renames or changes a file.
- There is no network or performance overhead.
Bullwall Case Studies
Contact Brookcourt Solutions: 01737886111