Print

Sophos Intercept X

Intercept-X benefit 700x87

Ransomware is the number one malware attack affecting organisations today. It encrypts your files and holds them hostage until the ransom is paid, causing massive disruption to business productivity.

Recent widespread attacks (Wannacry and Petya) did serious damage in government and corporate organisations with outdated Windows systems.

And with IT Security becoming generally stronger, common sense would indicate that cryptolocker attacks - that gain entry to systems with the help of unsuspecting staff members opening e-mails - are likely to increase exponentially and begin targeting more modern operating system versions with more and more sophisticated strategies.

The recent Petya attack was an “improvement” over previous versions and had multiple points of entry to lock your files. It could spread across internal networks and could use Microsoft’s PsExec tool to gain entry.

While staff training and education is critical in IT security, the cryptolocker e-mails are becoming increasingly plausible and difficult to detect by even the most alert staff member.

So to avoid the devastating effects of cryptolocker and other malware, we urge you to implement a rigourous IT Security plan and maintain it religiously. Click here to see our it security guide

  • Ensure you have the latest patches, including Microsoft’s latest MS17-010 Bulletin Security Update for SMB Server.
  • Consider blocking PsExec tool from running on user’s machines
  • Backup regularly and keep recent and encrypted backups off-site.
  • Rolllout strong endpoint protection with Sophos Intercept X and keep it up-to-date.
  • Call Evotec IT on 1300 133 996 for an obligation-free demonstration of Sophos and other Business Continuity solutions such as Veeam backup and recovery.

Our customers that had installed Sophos Intercept X were protected from the Petya outbreak because Sophos server and endpoint protection was updated shortly after the attack broke out.

New Sophos Intercept X features CryptoGuard, which prevents the malicious spontaneous encryption of data by all forms of ransomware — even trusted files or processes that have been hijacked. And once ransomware gets intercepted, CryptoGuard reverts your files back to their safe states.

CyptoGuard stops cryptolockers in the act by detecting the ransomware attack and immediately revoking the permission to write to the disk.

It targets the behaviour of the attack rather than any specific type of malware. This “signatureless” approach stops new versions of ransomware that can’t be protected against by using anti-virus signatures.

Cryptoguard protects local shares against remote attacks for other computers.

CryptoGuard works at the file system level and does not conflict with full disk encryption software like Microsoft BitLocker, Sophos SafeGuard or TrueCrypt.

Intercept X also provides Root Cause Analysis to give insight on threats. Detailed, forensic-level analysis illuminates the root causes of attacks and their infection paths and guides you to fix infections today and bolster your security moving forward.

Intercept X includes a powerful virus cleaner, Sophos Clean. While most traditional virus cleaners simply remove offending malware files, Sophos Clean goes the extra mile by eradicating the malicious code and registry keys created by malware as well.

Sophos Clean comes with Sophos Intercept or as an individual product.

ESG Lab found Sophos Intercept X to be simple enough for an IT generalist, while providing features and functionality advanced enough for the professional security analyst.

Contact Evotec, your Sophos Gold Partner, on 1300 133 996 to find out more and book a free trial.

Download Intercept X whitepaper here

Download Independent Assessment here