bullwall ransomware verhindern

Effective prevention of ransomware attacks

Regain control swiftly in case of illegal encryption

The RansomCare cloud solution from Bullwall helps to prevent ransomware attacks as quickly as possible. Permanent monitoring of fileshares and cloud drives enables immediate detection of illegal file encryption, identification and isolation of compromised users, and stops further encryption of data. Permanent monitoring of fileshares and cloud drives enables immediate detection of illegal file encryption, identification and isolation of compromised users, and stops further encryption of data. However, many aspects must be taken into account when implementing the technology, to ensure that the system can differentiate between legal and illegal file changes.

We boast in-depth knowledge about the security of mobile working environments and provide you with support during implementation and operation of RansomCare. We help you to position the system so that it can recognize abnormal file changes, as well as ensuring reliable operation and supporting you when evaluating incidents. We can also provide you with advice about relevant complementary measures. This is how we help you to effectively protect your data and avert major damage to your company.

Our services

Ransomware assessment

We offer you a ransomware assessment that allows us to clarify whether you have an overview of which files are encrypted and when, whether you are able to identify users and devices where an attack is initiated (Patient Zero) and whether you can stop unintended encryptions before they cause serious damage. We also demonstrate how RansomCare provides you with an additional security layer that is of the utmost importance.

Setup

We provide you with advice on the best way to implement RansomCare and help you to position the system to identify any unwanted changes. Countless changes are made to files on a daily basis – creation, change, renaming, or deletion – and the abnormal activities must be detected in amongst these. We help the system to learn how to differentiate between legal and illegal changes and to recognize actual attacks.

Integration

We provide you with advice on how the solution interacts perfectly with other technologies. This means that various security mechanisms complement one another effectively to deliver integrated preparation against attacks.

Proof of Concept

You have the option of testing RansomCare within a proof of concept to see for yourself just how effective it is.




Implementation

We only require a short implementation period for RansomCare, allowing the solution to provide effective monitoring of your fileshares and to immediately stop illegal encryptions.



Evaluation

We work with you to evaluate incidents, allowing you to gather valuable insights into the encrypted data. We also help with restoration and the derivation of enhanced security measures.

We are also on hand after the implementation of RansomCare, ensuring that the solution runs smoothly. This means that you can always rely on the ability of the solutions to immediately detect ransomware attacks.

Learn more about our Support services

Your benefits

Microsoft Consulting

Contact Us

Contact us, if you have any questions. We will be happy to advise you and provide you with a customised quote.

Bullwall - Defense against ransomware

Regain control quickly after ransomware attacks

Permanent monitoring of fileshares and cloud drives enables RansomCare to immediately detect illegal file encryption. The solution identifies and isolates compromised users, stops further encryption of data, and helps with file recovery and incident analysis.

RansomCare functions

Monitoring and recognition

RansomCare monitors network messages arising from data traffic between terminal devices and files. The solution applies heuristic analyses and metadata, as well as machine learning. This means that the solution is able to differentiate between legal and illegal actions within the countless changes made to files on a daily basis. It takes just seconds to capture illegal encryptions, and thereby the indicators for a ransomware attack.

Criminal developers constantly monitor software updates for operating systems, applications, and preventative security solutions, and therefore always know when to change their methods of attack. As RansomCare concentrates on capturing unwanted encryption, the solution can react to known and unknown ransomware variants.

Identifies and isolates affected users

Isolation and quarantine

As soon as RansomCare detects illegitimate encryption, the solution activates an isolation and containment protocol. This includes the following measures:

  • Force a shutdown of the compromised device.
  • Disable the VPN for the compromised user.
  • Revoke cloud, network, and AD access for the user.
  • End file encryption within seconds.
  • Immediately trigger an alarm for the company security team.

Restore and report

RansomCare ensures that downtime is low and creates a list of all affected files, which can then be restored manually or from a backup. An extended history log captures all attack details and provides valuable and actionable insights about any affected files.

identifies encrypt files that can be restored from the backup
RandsomeCare-Bullwall

Protection for your data – whatever the location

RansomCare works with Office 365, SharePoint, and Google Drive, and functions independent of the operating system for smartphones, tablets, laptops, desktop devices, and IoT devices. No matter where the attack is initiated and whether encryption takes place on-premise or in the cloud.

Security goes hand in hand

The integration options with other security solutions allow companies to ensure perfect interaction between systems. The implementation of RansomCare is intended as a complementary security layer, rather than being a replacement for other security solutions.

Enterprise Mobility Newsletter

We keep you up to date on Enterprise Mobility and the Digital Workplace

EBF-Mobility-Newsletter_xs