Detecting and Preventing the Spread of Ransomware

Ransomware attacks affect more and more computers worldwide every year. Such attacks clearly show that security solutions alone are not enough to ensure the security of IT systems. The only way to truly defend against such attacks is to combine several measures: keeping software up to date, taking regular backups, securing your network with an endpoint security solution and auditing your IT environment. Here at Lepide, our focus is on auditing. LepideAuditor provides deep insights into every change in the configuration of Active Directory, Group Policy, Exchange Server, Windows File Systems, NetApp Filers, Office 365 and Dropbox. The instantaneous information, in the form of real-time or threshold alerts, allows you to spot the symptoms of a ransomware attack and take appropriate action.

Over 5,000 Organizations Use LepideAuditor to Protect Their Businesses Against Ransomware Spread

How We Help in Ransomware Detection

Keep Group Policies Intact

Multiple policies to maintain IT security, such as software restriction and password policies, are configured in almost every organization. Any changes to such policies should be audited properly, with administrators being notified immediately for critical changes. LepideAuditor monitors every change in Group Policy Objects and sends real-time alerts when critical changes are detected. It also lets you restore the entire Group Policy Object with a few clicks to reverse unwanted changes.

Highlight Suspicious Changes

Some ransomware attacks (including the most recent WannaCry attack in May of 2017) encrypt critical files and change the file extension to a new suffix. Once the extension of a file is changed, it gets encrypted and hidden. LepideAuditor sends you real-time alerts for such suspicious changes: as emails to your inbox, updates to the Radar Tab, and push notifications to the LepideAuditor App installed on your Android or Apple device.

Spot Anomalous Change Activity

If a user is making numerous changes over a short space of time, red flags should be raised about the possibility of unauthorized activities. LepideAuditor sends you threshold alerts, as emails or push notifications, that inform you of multiple changes or suspicious user activities taking place over a specified period of time. In-depth audit reports enable you to view all the activities or changes being made by a user account.
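The threshold alerting described above, combined with the extension-change signal from the previous section, as an added example (this is not LepideAuditor code). The event tuple layout, account names, paths, the `.locked` suffix and the threshold and window values are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

T0 = datetime(2018, 1, 1, 9, 0, 0)

def at(seconds):
    """Timestamp helper for the constructed sample events."""
    return T0 + timedelta(seconds=seconds)

# Constructed rename events (not real audit data): (time, user, old_path, new_path)
EVENTS = [
    (at(5),   "alice",      r"\\fs01\hr\2018\plan.docx", r"\\fs01\hr\2018\plan_v2.docx"),
    (at(10),  "svc_backup", r"\\fs01\fin\2018\q1.xlsx",  r"\\fs01\fin\2018\q1.xlsx.locked"),
    (at(12),  "svc_backup", r"\\fs01\fin\2018\q2.xlsx",  r"\\fs01\fin\2018\q2.xlsx.locked"),
    (at(15),  "svc_backup", r"\\fs01\fin\2018\q3.xlsx",  r"\\fs01\fin\2018\q3.xlsx.locked"),
    (at(18),  "svc_backup", r"\\fs01\fin\2018\q4.xlsx",  r"\\fs01\fin\2018\q4.xlsx.locked"),
    (at(20),  "bob",        r"\\fs01\dev\notes\a.txt",   r"\\fs01\dev\notes\a.md"),
    (at(400), "bob",        r"\\fs01\dev\notes\b.txt",   r"\\fs01\dev\notes\b.md"),
]

def extension_changed(old_path, new_path):
    """True when a rename changes the file's final extension (case-insensitive)."""
    return (PureWindowsPath(old_path).suffix.lower()
            != PureWindowsPath(new_path).suffix.lower())

def threshold_alerts(events, threshold=3, window=timedelta(seconds=60)):
    """Alert when one user makes `threshold` extension-changing renames
    within `window`. Returns a list of (user, time, count) tuples."""
    recent = defaultdict(deque)   # user -> timestamps of recent extension changes
    alerting = set()              # users currently above the threshold
    alerts = []
    for ts, user, old, new in sorted(events):
        if not extension_changed(old, new):
            continue              # plain renames are not the signal here
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:     # drop events that fell out of the window
            q.popleft()
        if len(q) < threshold:
            alerting.discard(user)    # burst ended, allow a future alert
        elif user not in alerting:    # alert once per burst, not per event
            alerting.add(user)
            alerts.append((user, ts, len(q)))
    return alerts

if __name__ == "__main__":
    for user, ts, count in threshold_alerts(EVENTS):
        print(f"ALERT {ts.isoformat()} {user}: {count} extension changes in window")
```

Occasional extension changes spread over time (like `bob` here) stay below the threshold, which is what keeps this kind of alert usable on a busy file server.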

Detect Sudden Permission Changes

Often, ransomware attacks attempt to change the permissions of a file on a file server or of a user in Active Directory. LepideAuditor audits the permissions of all server components to keep you aware of any sudden change in permissions. This enables you to take quicker action to review permissions and correct them if necessary.

Reverse Unwanted Changes

When your security solution has neutralized the ransomware attack, the next thing to deal with is the set of changes the infection made to the configuration of the IT environment. LepideAuditor continuously captures snapshots of the state of both Active Directory Objects and Group Policy Objects. Use Lepide Object Restore Wizard to restore the state of these objects to a previously dated snapshot. With this method, you can reverse all unwanted changes within minutes.


Lepide® is a registered trademark of Lepide Software Private Limited. © Copyright 2018 Lepide Software Private Limited. All trademarks acknowledged.