Mitigating the Risk of Encryption Ransomware
See how Netwrix Auditor helps you reduce the damage from crypto-ransomware
Control user privileges
Most encryption ransomware can encrypt only the data that the user who activated the payload has permissions to access. Therefore, limiting each user's access rights to that user's role in keeping with the least privilege principle is a solid strategy for narrowing ransomware's ability to cripple your files. Netwrix Auditor enables effective control over user account permissions by reporting on all of the following:
Control Group Policy that regulates applications running
Encryption ransomware can have any file extension, including .bat, .msi or .exe. Blocking the typical ransomware extensions in your Software Restriction Policy is a good security measure that helps you prevent malware from running. Netwrix Auditor keeps you informed about any removals of file extensions from the policy list. It also reports about all registry key changes that might indicate ransomware attempting to enable the autorun service.
Detect anomalies in user activity
When crypto-ransomware manages to avoid detection by antimalware solutions and starts running, time is critical to limiting the scope of the damage. The earlier you can figure out that something is happening to your data, the sooner you can contain the situation and the less data you will lose. Netwrix Auditor audits all user activity on your file servers and enables timely detection of anomalies that may indicate ransomware on the loose.
Optimize the data recovery process
Recovering from a crypto-ransomware attack usually requires restoring data from a backup kept isolated from your network. Netwrix Auditor helps you identify the affected files to enable a faster, more efficient granular restore.