Support
 
Phone Live Chat
 
Support
 
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680
 
 
 
 

Detect and respond to ransomware with FileAudit Plus

Understanding ransomware

  • Ransomware is malicious software that blocks access to data by encrypting files. Once the files are encrypted, hackers demand victims pay a ransom in order to regain access to their files.
  • There are a number of ways ransomware attacks are initiated.The most common attack vector is a phishing email that appears to be legitimate, tricking the victim into clicking on a link or opening an attachment. Victims might also be lured into visiting a malicious website and downloading the ransomware executable.
  • Once the attack is initiated and the data is encrypted, there are two options to recover data. Victims can pay the ransom, but that doesn't guarantee their files will be decrypted. They can also restore their data using a backup, but potentially vital data not included in the last backup will be lost.

The need for an anti-ransomware tool

  • Ransomware attacks wipe sensitive information, disrupt regular operations, cause huge financial losses as victims try to restore their data, and potentially harm an organization’s reputation. There has been a steady rise in the number of ransomware attacks, to the point where it has now become a global epidemic. Perhaps the biggest online extortion attack ever was recorded in May 2017. The WannaCry ransomware attack, as it is popularly referred to, hit at least 45,000 computers spread across more than 70 countries. Once infected, a message pops up demanding a $300 ransom in bitcoins, the current ransom total paid to the attackers is at least $80,000. With the likelihood of increasing ransomware attacks in the future, organizations need to equip themselves with software that can counter these threats now more than ever.
  • Spam filters prevent initial infiltration attempts by monitoring all incoming email traffic and filtering out emails with potentially unsafe attachments. Tools that reveal the unmasked URL, risk rating, and a preview of the target page also help prevent the infected vector from being downloaded in the first place. However, the most recent attacks have shown that ransomware attackers can easily beat this first line of defense. And once ransomware infects a computer, there is very little time to respond. Several strains of ransomware (including CryptoWall) can easily encrypt hundreds of thousands of files within 20 minutes. So, what we need is a system that can pick up the indicators of ransomware compromise early on and respond to it at a knee-jerk pace. And that’s exactly what FileAudit Plus does.

Swift detection and automatic incident response with FileAudit Plus.

Detect and respond to ransomware with FileAudit Plus

  • FileAudit Plus is a real-time change monitoring and alerting tool for Windows file systems. Since it uses dedicated agents to monitor files continuously, FileAudit Plus has the ability to detect file changes the very instant they happen. This tool offers two important features which play a critical role in detecting and responding to ransomware attacks successfully: mass access alerts and automatic alert responses. Using these two features, FileAudit Plus significantly reduces the time it takes to detect and respond to a ransomware attack. In fact, it automatically responds as soon as it detects the signs of a ransomware-type compromise. In doing so, it completely removes the need for human intervention, which is often slow and unsuccessful when pitted against ransomware attacks.
  • Mass access alerts: When an encryption attack is underway, the ransomware accesses and modifies an unusually large number of files in a short period of time. FileAudit Plus can be configured to monitor the frequency of file modifications by a user, and to alert whenever the number of modifications crosses a specified threshold within a specified time period. Given its real-time event monitoring capability, FileAudit Plus' threshold-based alerts are triggered as soon as the ransomware starts its encryption exercise. Alerts also indicate the username, source, date, and time of the security breach, and other alert parameters, paving the way for further investigation.
  • Automatic alert response: FileAudit Plus allows you to configure a predetermined response to an alert. In other words, you can program the tool to take a specified action when a certain alert is triggered, effectively enabling you to automate the incident response. FileAudit Plus has a built-in ransomware alert response, which locks down the infected device, thereby stopping the spread of ransomware to network storage or other systems and preventing the attacker from causing any further damage. Additionally, you can also set up your own automated alert responses, through the execution of a batch file, to respond to mass access alerts automatically.

The FileAudit Plus advantage

icon-audit-and-analyze-file-folder-access

Audit and analyze file and folder access

  icon-identify-files-that-are-stale-non-business

Analyze files and disk space

The Access Audit report provides detailed information on the quintessential Four W's—who accessed what, when, and from where. This will help you keep track of all accesses and changes. The Access Analysis report provides a summary view of accesses and changes, which can help you detect access trends. The File Analysis report helps isolate files that are old, unused, unmodified, large, hidden, or non-business; making data cleanup easier. The Disk Analysis report provides visual insight into disk space usage and trends, facilitating optimization of disk space; it also reveals properties of files and folders.
icon-minimize-incident-response-times

Audit access rights

  icon-minimize-incident-response-times

Meet PCI DSS, SOX, FISMA, and other regulatory needs

Examine share and security permissions of files and folders and prevent access exploitation. Comply with regulatory mandates through consistent auditing and reporting of the file server environment.
icon-meet-pci-dss-sox-and-fisma-needs

Minimize incident response times

   
Become proactive with real-time file and folder access and change auditing. Continuously monitor and get notified about critical activities.