RansomCare from Bullwall is a Last Line of Defense that detects and stops active ransomware on file shares and servers by isolating any attacking users and devices. This automated containment solution is laser-focused to stop malicious encryption and file corruption on monitored file shares, securing critical data.

RansomCare does not depend on antiquated detection methods such as ransomware signatures, strains, patterns, or behavior. Instead, it rapidly detects the purpose of the ransomware – the actual encryption. It does so without any network overhead or performance degradation. It differentiates by monitoring file activity on file shares, application servers, and database servers.

RansomCare detection technology operates using event-based file detection, with a raft of high-performance detection sensors inspecting the heuristics – regardless of the file type or whether the file is renamed, modified, created, or deleted. Malicious encryption is detected in seconds, whether on-premise or in your cloud. RansomCare reacts by isolating compromised users or devices in seconds. It can shut down an offending machine, disable the user in the cloud or Active Directory, revoke SMB permissions, disable VPN sessions, and much more.