Sophos Intercept X: Welcome to a new realm of cops and robbers
Don’t get blogged down. It’s uncomfortable. And probably itchy.
Instead, enter your email address below (we won’t sell it to those dodgy spammer folk. Or anyone else for that matter) and we’ll steer you through the stormy waters of new technology in the most entertaining way we can think of at the time.
You can unsubscribe at any time. And signing up is totally free.
When I think of ransomware, malware and computer viruses in general, I kind of compare it to how a human body works. A virus enters, your body identifies the virus and then attacks the virus, restoring your health back to normal, as if by magic. The same logic can be applied to computers with antivirus software, but now there are more dangerous variations of ransomware threats than your typical, obvious infiltration, something like Teslacrypt, Lockscreen, Cryptowall or Cryptolocker.
Using Cryptolocker as an example, if you can imagine a variant of ransomware as a typical burglar, in a questionable black and white stripy top, running down the road all giddy with a bag of cash with a great big dollar sign on, being chased by a police officer in uniform. It’s very clear to determine who is the bad guy and who is the good guy. And that is exactly how a typical virus and antivirus system works. The trouble is, new forms of malicious threats are becoming much more indistinguishable. Taking that example into account, and changing it to two police officers chasing each other, it becomes rather confusing as to who is the culprit.
Generally, ransomware intrudes systems via something like an email. Although it may be obvious to you and me as to what looks like a suspicious email, ransomware is now being camouflaged as a genuine contact, for example an email from your line manager, with legitimate images, text and ID and importantly an attachment of some kind.
As it’s an unsuspecting email, you open the attachment expecting your day to just continue as normal… WRONG.
Immediately you will find crucial documents to be encrypted, and your accessibility to vital files will be restricted. What on earth just happened? Why are my documents just random strains of code instead of a perfectly neat report?! That is what you call a Cryptolocker ransomware attack, which is just one variant of the new breed of threats that Intercept X prevents.
Without a full system backup, unfortunately for the victim, the only way out is to pay the hacker the requested fee, and even that doesn’t guarantee the documents to be restored to normal. So I’m sure you’re now thinking, well, what can I do to prevent this from ever happening to me?... One option is to restore the complete backup that you definitely remembered to take last night…. Or not!
That is where Sophos Intercept X works its genius magic with Cryptoguard.
Replaying that same scenario, Intercept X would step in at the point of infiltrating, and identify the Cryptolocker attack. After an attacked has been attempted, Cryptoguard blocks all further attacks, as well as restore any affected files back to their original state, rendering the attempt as useless.
After an attack is attempted, Intercept X’s Root Cause analytics toolkit allows you to identify the ransomware’ point of entry, who clicked the malevolent link and importantly, it suggests improvements to evade such attacks in the future. On top of that, the Sophos Clean tool hunts and removes any trace of spyware and deeply embedded malware, which essentially cleanses your entire system of corrupt and dormant malicious threats.
Ransomware attacks are getting smart, but Sophos Intercept X is smarter.