It’s 8 AM on a Monday morning and you have just arrived at work with a fresh cup of coffee in hand, ready to start the work week.
Like every workday morning, you begin by booting your PC and logging into Windows. This time, however, you don’t see the familiar grassy knoll wallpaper but a red DOS-like screen. Your heart races as you realize what has happened: your files have been encrypted and you will need to pay an exorbitant amount of bitcoin to unlock them.
You immediately call the IT service desk, hoping this is just an isolated incident. Unfortunately, that is not the case. The service desk has been flooded with calls all reporting the same problem, and a technician lets you know IT is beginning its damage assessment. Soon after, special enforcement teams from various federal organizations and incident response vendors rush to the building. Management and the Board are pushing for answers on a recovery plan, damage assessment, and how to mitigate any remaining risk.
Most often, Windows environments are the victims of ransomware. This can result in infrastructure components such as Active Directory, System Center Configuration Manager (SCCM), and SQL Server database management systems becoming compromised and inoperable. In those cases, the monitoring and management environments running on the SQL Server instance may no longer function. But what does all of this mean? Put simply, if, for example, SCCM no longer functions, then no one is able to install forensic and data gathering agents or any other type of software.
Forescout’s unique approach to visibility can become your single source of truth and provide insight into what the impacted landscape truly looks like. You’re able to quickly analyze the as-is state, determine the existing risk profile, and use policies to automatically mitigate various risks.
Ransomware is more than just a nuisance. It has crippled organizations both large and small, resulting in hundreds of millions of dollars in losses, and has even caused some local governments and hospitals to temporarily close operations. Surviving a ransomware strike and recovering quickly necessitates the use of a visibility solution. An ounce of prevention in this case provides much more than a pound of cure.
To learn more about how Forescout can help during a ransomware attack, be sure to check out my recently recorded webinar.