Ransomware containment: protecting against ransomware attack
Summary
Time: 4 minute read
Ransomware and an office fire are a lot alike. And protecting against a ransomware attack is a lot like fire-proofing your office.
To prevent a fire, you have fire doors and fire-proof floors in production areas. To keep arsonists out, access is only granted via keycard. You might even have cameras watching entrances. Fire extinguishers are everywhere.
You also have smoke detectors everywhere. But with all the fire-proofing measures, why do you need smoke detectors? Because we know that all of the above measures don’t work 100% of the time.
So, you put smoke detectors in your building to notify everyone when a fire is starting.
But a smoke detector can’t stop a fire. So, your building has a sprinkler system to account for this potential need. You hope it will never activate, but it is there to cope with the worst-case scenario.
Subscribe to our newsletter
How ransomware prevention security is like fire prevention measures
Endpoint and server security measures work much like fire prevention.
Anti-spam email monitoring and endpoint protection for workstations and servers act like fire doors, keycards, and smoke detectors. Their purpose is to prevent a security event from happening. Should malware get in, most of these solutions will alert you (like a smoke detector) of the situation. In most cases, these measures prevent a security event.
But what happens if an attack unfolds and encryption begins?
The missing element in ransomware prevention
Today that has changed. The “sprinkler system” now exists.
It’s called RansomCare.
A last line of defense designed to put out ransomware fires
RansomCare steps in to stop encryption when standard prevention measures fail. And considering the average Q3 2020 payment averaged $233,817, it is clear that those measures do fail.1
Most security solutions aim to identify malware and prevent it from entering and executing. Yet, despite using advanced endpoint protection technologies, organizations continue to fall victim to ransomware.
That’s not to say these solutions don’t do an excellent job. They do. They easily stop the vast majority of attacks. But just like our fire prevention, they don’t stop 100% of attacks 100% of the time.
And once encryption begins, they have no way to stop it.
RansomCare, however, does.
Rather than looking for malware or ransomware or trying to recognize malicious behavior, it focuses on the worst-case scenario – an outbreak.
Here’s how it works…
- RansomCare monitors your file shares on-premises and in the cloud. As soon as a user requests a file (Word, Excel, PPT, etc.), the monitoring watches for the start of illegitimate encryption.
- If encryption has begun, it immediately isolates the workstation(s) or device(s) and sends alerts to your security team.
- And with the system’s reporting, you know which user and which devices are infected for restoration.
The missing piece of ransomware protection – without the overhead
Most business leaders, IT professionals, and security experts would probably agree that another application or a little extra work is worth it to contain and stop ransomware.
At the same time, additional security applications running on endpoints slow workstation speed. Programs can take longer to load. It’s a quiet, slow erosion of productivity.
The time required to maintain and update all of the endpoints and servers places a burden on IT teams. After all, missing one endpoint or file share is a vulnerability.
And that is what makes RansomCare different.
RansomCare is an agentless “sprinkler system” defense against a ransomware outbreak. There are no agents to install on endpoints, servers, or file shares.
In fact, as a cloud application, you don’t even need to load an application on your network. The only setup is configuration and integration with your other security solutions (as desired).
Is RansomCare the answer for you?
Its purpose is to act like that “sprinkler” to put out the worst-case scenario of a ransomware outbreak. Ransomware can encrypt 10,000 files per minute per device. If five endpoints were compromised, you could lose 50,000 files each minute.
Isolation limits the impact to one device or file share. And that’s why the containment offered by RansomCare addresses the question that keeps many business leaders, IT professionals, and security executives awake at night:
What can we do if a ransomware outbreak occurs?
With RansomCare, you know the answer. The infected device will be isolated, and the impact on your business dramatically reduced.
To see more details of how it works, check out our RansomCare services page.
For a detailed summary of the software, you can visit our RansomCare software page.
