RansomCare from Bullwall is a Last Line of Defense that detects and stops active ransomware on file shares and servers by isolating any attacking users and devices. This automated containment solution is laser-focused to stop malicious encryption and file corruption on monitored file shares, securing critical data.
RansomCare does not depend on antiquated detection methods such as ransomware signatures, strains, patterns, or behavior. Instead, it rapidly detects the purpose of the ransomware – the actual encryption. It does so without any network overhead or performance degradation. It differentiates by monitoring file activity on file shares, application servers, and database servers.
RansomCare detection technology operates using event-based file detection, with a raft of high-performance detection sensors inspecting the heuristics – regardless of the file type or whether the file is renamed, modified, created, or deleted. Malicious encryption is detected in seconds, whether on-premise or in your cloud. RansomCare reacts by isolating compromised users or devices in seconds. It can shut down an offending machine, disable the user in the cloud or Active Directory, revoke SMB permissions, disable VPN sessions, and much more.
Monitors data activity on file shares
in real time
Instantly detects ongoing illegitimate encryption
Identifies and isolates the user and client initiating
Deploys built-in scripts to isolate the affected user and stop the file encryption
Quickly identifies any encrypted files that can be restored
from the backup
Automates any necessary incident reporting
We test your infrastructure’s response to active ransomware behaviour, providing you with a clear view of your current security posture.