Ransomware Containment

Protect your data in the event of a successful ransomware attack.

RansomCare from PPL can provide your organisation with a proven last line of defence containment solution which is designed to protect your files and prevent a catastrophic data loss in the event of a successful ransomware attack.

Unfortunately, criminal gangs are becoming more innovative at finding new ways to penetrate traditional prevention-based-detection methods. Once ransomware has breached the network and begins delivery of it’s payload, it can be too late for existing security to react. At this point, the only thing that matters is how fast you can stop the ransomware from encrypting up to 10,000 files per minute.

Our unique, automated multi-layered solution uses 20+ detection sensors to monitor your network and will immediately lock down the compromised device in the event of an attack.

To speak to us about how our solutions would help your business or to arrange a free demonstration then please get in touch by completing the form below.

Solution Overview
ransomcare ransomware containment

How RansomCare works

RansomCare is considered a last line of defence technology; it detects illegitimate file encryption and corrupted files on monitored file shares and cloud shares in seconds if existing security defences have failed to protect your organisation.

Detect: Detailed Live Visibility

RansomCare detects illegitimate encryption on monitored file shares in seconds by monitoring the organisation’s data activity. It investigates the heuristics of each file accessed by a user either on-premise or in the cloud. By intelligently accumulating any detection of tell-tale signs of ransomware (encryption and corruption), RC will detect and respond to the active threat that existing security defences did not stop. Machine Learning automates the initial alert settings based on your actual data activity, tailoring them to your environment. Organisations are often astonished by the detailed overview of the file changes within their organisation, and in case of an outbreak, you can see the small number of files impacted before the forced isolation by RansomCare

Respond: Contain and Stop The Outbreak

RansomCare reacts and responds once illegitimate file encryption is ongoing on monitored critical file shares, cloud shares (e.g., Google and Office 365 suite), or file server shares. It is crucial during ransomware outbreaks to detect, respond and recover as quickly as possible, as the financial and reputational repercussions caused by downtime can be costly.

On detecting illegitimate encryption on monitored shares, RC immediately raises an alert, and a response is triggered to isolate the endpoint, device and/or user that is causing the illegitimate encryption on monitored file shares. A wide range of customisable isolation methods can be utilized, such as forced shutdown, disable VPN, disable AD-user, disable network access, and many others. Alerting is done via email, text, and through easy integration with all SIEM solutions.

The alerting also works if you are hosting in the cloud or have an MSP taking care of your IT infrastructure. Integration through RESTful API to other security solutions means your security team(s) can unify security management across an increasingly complex sea of endpoints.

Document Manager NX logo

Recover: Provides the Full Overview

RansomCare provides a speedy data recovery concept. It provides a detailed list (for restoration purposes) of the small number of affected files before the forced isolation or shutdown. This reduces potential downtime significantly as it identifies the exact small number of files that need to be recovered, saving you valuable time and minimal recovery cost.

Hassle-Free Installation and Deployment

RansomCare is an agentless solution and is not installed on endpoints or any existing servers or file servers. There is no impact on endpoints and no network performance issues. Agentless file behaviour monitoring and machine learning techniques are deployed with ease in less than a day, and RC is configured automatically