The ransomware offering incorporates the ExtraHop platform’s proprietary Precision Packet Capture capability, allowing companies to detect ransomware attacks in-progress and recover lost files in minutes, creating an end-to-end solution that puts control back in the hands of the enterprise.
The new ransomware solution from ExtraHop solves a vexing problem that large companies face on a daily basis. Ransomware attacks are one of the fastest-growing threats facing companies today: more than 4,000 ransomware attacks are occurring daily in 2016, a 300 percent increase over the previous year. In the first quarter of 2016, ransomware netted cyber criminals hundreds of millions of dollars. Enterprises face not only the direct monetary ransom and the loss of sensitive data and intellectual property; these attacks can also hinder business operations, productivity, and customer trust.
As evidenced by the growing number and severity of ransomware attacks, traditional security measures have fallen short against this threat. With ExtraHop, customers can now use packets to reconstruct files as they existed immediately before encryption, safely recovering critical data without paying ransom. Importantly, this solution works even if customers do not have a recent backup of the affected files.
"The 'human vector' has become a reality for today's security teams. Just as the common cold will infect at least one person in an office and make its way to others, you can be assured that at least one person in your organization will open an email attachment containing ransomware," said John Smith, Principal Solutions Architect for Security at ExtraHop. “We’ve already worked with customers around the globe to detect ransomware before it can do significant damage. By incorporating Precision Packet Capture into our ransomware solution, ExtraHop now truly puts IT security back in control, helping them detect and short-circuit attacks and rapidly restore impacted files.”
The new ransomware offering provides layers of defense that work together, including:
• Detection in Flight: ExtraHop provides a trigger that can help detect ransomware attacks in real-time. This functionality is based upon analyzing traffic from the SMB/CIFS network protocol.
• Orchestrated Mitigation: Through its REST API, the ExtraHop platform can kick off orchestrated mitigation actions in other security tools. For example, the IT team can use the ExtraHop detection to automatically block malicious IP addresses with their firewall appliance or quarantine infected clients with their network access control device.
• Packet-Based Restoration: The ExtraHop platform’s Precision Packet Capture capability can now be leveraged to mitigate the damage caused by ransomware attacks. Packet capture starts automatically as soon as ransomware is detected, capturing the packets from which encrypted files can easily be restored.