- Use Cases
Should ransomware reach your file server, Veriato RansomSafe™ detects the attack and shuts it down before your data is encrypted.
RansomSafe™ backs up your files before they are changed, making a pristine copy of the latest version of your files.
Once the attack is disrupted, recover in minutes with just a few clicks. No extensive, and expensive, downtime.
Veriato RansomSafe™ is continuously updated, maintaining a robust database of known ransomware signatures. The software detects the presence of known variants by matching against this database.
By helping you place honeypot files on your file that, if modified, alert Veriato RansomSafe™ to a ransomware attack, the software is able to reliably detect attacks from previously unknown variants.
The best protection against the disruption and expense of a ransomware attack is current backups. Veriato RansomSafe™ intercepts the command to encrypt (or delete) your files, making a copy and storing it safely away from the reach of the attack.
Veriato RansomSafe™ blocks the user account attempting to encrypt your files from making changes to the file system, shutting down the attack to prevent further encryption attempts and to minimize the restoration effort required. Veriato RansomSafe™ can send you an email notification immediately if and when this happens, allowing you to respond quickly.
Installs in minutes. Updates automatically. Server-side protection compliments your endpoint-based malware defenses without adding administrative overhead.
Priced well below the cost of a single ransom payment, the solution provides peace of mind without taking a big piece of your budget.
Veriato RansomSafe™ can be installed on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, Windows Vista, Windows 7, Windows 8, and Windows 10.
Veriato RansomSafe™ creates a safe and secure copy of each file on a protected server before that file can be modified or deleted by any user or process, including ransomware processes, and provides you with a very easy way to recover those files if necessary.
Additionally, RansomSafe™ uses a combination of “honeypot” files along with File Screening to detecting the existence of ransomware. When the ransomware’s activities are detected, the user whose process is creating, modifying, or deleting the file(s) is immediately blocked and prevented from affecting any additional files. The administrator is automatically notified and can take action to remove the infected computer from the network and, in a few quick clicks, restore all of the files the ransomware affected.
No. Installation of Veriato RansomSafe™ will protect only the files contained on the file server on which it is installed. However, you may use a single Veriato RansomSafe™ console to manage Veriato RansomSafe™ on multiple Windows file servers.
The files contained in RansomSafe™ are stored in a protected folder on the same local drive where they originally existed. If you prefer, you may relocate the RansomSafe™ to another local drive on the same server.
No. You may select how much space the RansomSafe™ is allowed to consume on the drive it is protecting. This may be selected as a percentage of total drive capacity or a percentage of drive free space. By default, the RansomSafe™ is allowed to consume a maximum of 80% of the drive’s free space.
Yes. Each time a file is modified, a new version of that file is created in RansomSafe™ . You may configure both the maximum number of versions kept and the maximum age of files stored within RansomSafe.
If the ransomware attempted to modify a “honeypot” file or was detected by File Screening, the activities of the ransomware would stop at that point. It will no longer be able to affect any additional files on your file server. If you had configured email notifications, you would have been notified of this.
The first thing you will want to do is remove the infected computer from your network so you can take steps to clean it of its infection before allowing it to re-join the network.
On your file server, you can use the Veriato RansomSafe™ console to quickly search for files that had recently been modified or deleted by the user who ran the ransomware. You can then take the files found through the search and restore any of them you’d like to. Note that after you restore them, the encrypted versions of the files may still exist alongside the restored files. You’ll want to remove the encrypted versions of the files using Windows Explorer at your convenience.
As soon as you are sure that the user is no longer infected and a threat to your file server, you may use the Veriato RansomSafe™ console to unblock that user and allow them to continue to manage files on your server.