Ransomware Attack Containment and Isolation
How RansomCare works
Active Detection
Artificial intelligence (AI) and machine learning establish a baseline of file activity on your network. RC monitors file changes constantly using heuristics and metadata to detect ransomware encryption the moment it starts. By monitoring file behavior, RC detects both known and unknown ransomware variants.
Immediate Response
An automated containment protocol shuts down the infected endpoint the moment ransomware’s illegitimate encryption begins. Isolation methods used include disabling VPN, disabling NAC, disabling AD-user, and forced shutdown. Alerts are sent to designated security administrators.
Informed Recovery
Your security and recovery team can pull reporting that shows the exact files infected prior to the forced shutdown. This makes restoration from backup simple. And all attack details are captured in a history log for insight into affected files.