SEATTLE – November 1, 2016 – ExtraHop, the first and only provider of streaming analytics that transforms network data into actionable insight, today introduced a new version of its award-winning ransomware mitigation offering that, for the first time, allows enterprises to recover ransomware-encrypted files without a backup. The ransomware offering incorporates the ExtraHop platform's proprietary Precision Packet Capture capability, allowing companies to detect ransomware attacks in progress and recover lost files in minutes, creating an end-to-end solution that puts control back in the hands of the enterprise. To view a demo of how to use packet capture to recover ransomware-encrypted files, click here.
In a June 2016 report titled "Use These Five Backup and Recovery Best Practices to Protect Against Ransomware," Gartner analysts Robert Rhame and Roberta J. Witty warn: "Users are only a click away from a drive-by download of malware from a compromised web page, or a postlunch launch of a trojan attachment from a ransomware spam campaign. The rapid-release nature of the malware underground means that antivirus vendors are playing a game of catch-up."
The new ransomware solution from ExtraHop solves a vexing problem that large companies face on a daily basis. Ransomware attacks are one of the fastest-growing threats facing companies today: more than 4,000 ransomware attacks are occurring daily in 2016, representing a 300 percent increase over the previous year. In the first quarter of 2016, ransomware netted cyber criminals hundreds of millions of dollars. Enterprises face not only the direct monetary ransom and the loss of sensitive data and intellectual property; these attacks can also hinder business operations, productivity, and customer trust.
As evidenced by the growing number and severity of ransomware attacks, traditional security measures have fallen short against this threat. With ExtraHop, customers can now use packets to reconstruct files as they existed immediately before encryption, safely recovering critical data without paying the ransom. Importantly, this solution works even if customers do not have a recent backup of the affected files.
"The 'human vector' has become a reality for today's security teams. Just as the common cold will infect at least one person in an office and make its way to others, it's just as likely that at least one person in your organization will open an email attachment containing ransomware," said John Smith, Principal Solutions Architect for Security at ExtraHop. "We've already worked with customers around the globe to detect ransomware before it can do significant damage. By incorporating Precision Packet Capture into our ransomware solution, ExtraHop now truly puts IT security back in control, helping them detect and short-circuit attacks and rapidly restore impacted files."
The new ransomware offering provides layers of defense that work together, including:
- Detection in Flight: ExtraHop provides a trigger that can help detect ransomware attacks in real time. This functionality analyzes traffic from the SMB/CIFS network protocol.
- Orchestrated Mitigation: Through its REST API, the ExtraHop platform can kick off orchestrated mitigation actions in other security tools. For example, the IT team can use the ExtraHop detection to automatically block malicious IP addresses with their firewall appliance or quarantine infected clients with their network access control device.
- Packet-Based Restoration: The ExtraHop platform's Precision Packet Capture capability can now be leveraged to mitigate the damage caused by ransomware attacks. Packet capture starts automatically as soon as ransomware is detected, capturing the packets from which encrypted files can quickly be restored.
Additional Ransomware Resources:
- Download the Ransomware detection bundle.
- View a demo of how to use packet capture to recover ransomware-encrypted files.
- Check out the whitepaper: Detect and Stop Ransomware with a New Mitigation Approach.