Ransomware Prevention

Stop ransomware (such as cryptolocker) before it gets catastrophic.

ExtraHop analyzes all data in flight so that IT can have comprehensive visibility and gain control over security. In the case of ransomware, the ExtraHop platform enables incident response teams to know about an attack within minutes and take quick action to mitigate the impact.

  • Detect - The ExtraHop platform detects anomalies on the network, including the unique storage WRITE operations and file changes that are associated with ransomware. Incident response teams can set up an alert and be notified within minutes of a ransomware infection.
  • Investigate - Ransomware takes some time to overwrite files, making it crucial that incident response teams can pinpoint attacks within minutes. The ExtraHop platform enables teams to rapidly identify attacks in progress on NAS systems and shared file infrastructure. ExtraHop also enables response teams to rapidly identify users who received malicious files and which IP addresses are hosting the malware.
  • Stop - With the specific data provided by ExtraHop, incident response teams can disconnect infected computers, block malicious IP addresses, and begin restoring files from backup.

Did you know?

  • Ransomware attacks doubled in 2015, according to Kaspersky Lab.
  • The CryptoLocker strain of ransomware is responsible for $325 million in damages so far.
  • Hollywood Presbyterian Medical Center paid a $17,000 ransom after being forced to shift to paper processes for one week.
  • The FBI has offered a $3 million reward for the arrest of Evgeniy Bogachev, believed to be linked to ransomware viruses.

Watch A 2-Minute Demo of ExtraHop's Real-Time Ransomware Detection


A Community Approach to Improving Security Monitoring

The ExtraHop platform features a programmable stream processor so that you can quickly adapt to changing requirements, such as ransomware detection. To support rapid innovation, ExtraHop encourages community members to share bundles, which can package together dashboards, triggers, alerts, dynamic groups, geomaps, record formats, and record queries.

Visit our community forum to see how ExtraHop users are working together to create and improve their stream analysis.

For more information, download our datasheet: Real-Time Ransomware Detection & Response Already an ExtraHop user? Download the Ransomware Bundle