Detecting and preventing the spread of ransomware

Ransomware attacks affect more and more computers worldwide every year. Such attacks clearly show that security solutions alone are not enough to ensure the security of IT systems. Truly defending against such attacks requires keeping software up to date, taking regular backups, securing your network with an endpoint security solution and auditing your IT environment. Here at Lepide, our focus is on auditing. LepideAuditor provides deep insights into every change in the configuration of Active Directory, Group Policy, Exchange Server, Windows File Systems and NetApp Filers. The instantaneous information, in the form of real-time or threshold alerts, allows you to spot the symptoms of a ransomware attack and take appropriate action.

Keep Group Policies Intact

Multiple policies to maintain IT security, such as software restriction and password policies, are configured in almost every organization. Any changes to such policies should be audited properly, with administrators being notified immediately for critical changes. LepideAuditor monitors every change in Group Policy Objects and sends real-time alerts when critical changes are detected. It also lets you restore the entire Group Policy Object with a few clicks to reverse unwanted changes.

Highlight Suspicious Changes

Some ransomware attacks (including the most recent WannaCry attack in May of 2017) encrypt critical files and alter the extension name with a new suffix. Once the extension name of a file is changed, it gets encrypted and hidden. LepideAuditor sends you real-time alerts for such suspicious changes – as emails to your inbox, updates to the Radar Tab, and push notifications to the LepideAuditor App installed on your Android or Apple device.

Spot Anomalous Change Activity

If a user is making numerous changes over a short space of time, red flags should be raised about the possibility of unauthorized activities. LepideAuditor sends you threshold alerts, as emails or push notifications, that inform you of multiple changes or suspicious user activities taking place over a specified period of time. In-depth audit reports enable you to view all the activities or changes being made by a user account.
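
As an added illustration (not LepideAuditor's code or alert format), the sketch below applies a per-user sliding-window threshold to file audit events and counts how many of the changes in the window were renames that altered the file extension. The event tuple layout, the user names, the paths and the `.locked` suffix are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ntpath  # Windows path rules, usable on any platform

T0 = datetime(2017, 5, 12, 9, 0, 0)  # constructed start time

# Constructed sample events: (timestamp, user, action, old_path, new_path).
# "alice" edits three files minutes apart; "bob" renames eight files within 16 s.
SAMPLE_EVENTS = [
    (T0 + timedelta(minutes=4 * i), "alice", "modify",
     rf"\\fs01\hr\plan{i}.xlsx", rf"\\fs01\hr\plan{i}.xlsx")
    for i in range(3)
] + [
    (T0 + timedelta(seconds=2 * i), "bob", "rename",
     rf"\\fs01\hr\doc{i}.docx", rf"\\fs01\hr\doc{i}.docx.locked")
    for i in range(8)
]


def ext_changed(old_path, new_path):
    """True when a rename altered the final extension (case-insensitive)."""
    old_ext = ntpath.splitext(old_path)[1].lower()
    new_ext = ntpath.splitext(new_path)[1].lower()
    return old_ext != new_ext


def threshold_alerts(events, limit=5, window=timedelta(seconds=60)):
    """Alert once per user, the first time they reach `limit` changes in `window`."""
    recent = defaultdict(deque)   # user -> (timestamp, was_extension_rename)
    alerts = {}
    for ts, user, action, old, new in sorted(events, key=lambda e: e[0]):
        q = recent[user]
        q.append((ts, action == "rename" and ext_changed(old, new)))
        while ts - q[0][0] > window:   # drop events that fell out of the window
            q.popleft()
        if len(q) >= limit and user not in alerts:
            alerts[user] = {
                "user": user,
                "at": ts,
                "changes": len(q),
                "ext_renames": sum(flag for _, flag in q),
            }
    return list(alerts.values())


if __name__ == "__main__":
    for alert in threshold_alerts(SAMPLE_EVENTS):
        print(alert)
```

The `limit` and `window` values need tuning against normal activity on the share; bulk operations by backup or migration accounts can reach the same threshold and are usually handled with an allow-list.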

Detect Sudden Permission Changes

Often, ransomware attacks attempt to change the permissions of a file on a File Server or of a user in Active Directory. LepideAuditor audits the permissions of all server components to keep you aware of any sudden change in permissions. This enables you to take quicker action to review permissions and correct them if necessary.

Reverse Unwanted Changes

When your security solution has neutralized the ransomware attack, the next thing to deal with is the set of changes made to the configuration of the IT environment by the infection. LepideAuditor continuously captures snapshots of the state of both Active Directory Objects and Group Policy Objects. Use the Lepide Object Restore Wizard to restore the state of these objects to a previously dated snapshot. With this method, you can reverse all unwanted changes within minutes.

Lepide® is a registered trademark of Lepide Software Private Limited. © Copyright 2017 Lepide Software Private Limited. All trademarks acknowledged.