Stop ProLock ransomware with three layers of protection from Intercept X – Sophos News

ProLock ransomware emerged on the threat scene in March, a retooled and rebranded version of PwndLocker.

As SophosLabs reveals in its detailed analysis, while ProLock ransomware gives you the first eight kilobytes of decryption for free, it can still cause significant business disruption and economic damage.

Protect against ProLock with Sophos Intercept X

Intercept X gives you multiple layers of protection against ProLock, keeping the data on your endpoints and servers safe:

  • CryptoGuard identifies and rolls back the unauthorized encryption of files. In fact, Sophos first detected ProLock when CryptoGuard caught it on a customer network
  • Deep learning identifies and blocks ProLock without signatures
  • Signatures block variants of ProLock either as Troj/Agent-BEKP or Malware/Generic-S

If you’re running Sophos Intercept X you can relax knowing that you are automatically protected against ProLock, as all three of the above features are enabled by default in our recommended settings.

(If you’re not yet running Intercept X and want to give it a try, visit the web page to learn more and start a no-obligation free trial.)

To check that you have CryptoGuard and Deep Learning enabled:

  • Open your Sophos Central Admin console and select Endpoint Protection in the left-hand menu
  • Select Policies
  • Review the list of threat protection policies already created
  • Toggle the buttons to make any necessary changes

Review your threat protection policies to check protection capabilities are enabled.

Endpoint protection and firewall best practices to block ransomware

51% of IT managers surveyed for our recent State of Ransomware 2020 report said their organization was hit by ransomware last year, and that cybercriminals succeeded in encrypting data in 73% of incidents.

With stats like these, it’s worth taking the time to ensure all your ransomware defenses are up to date.

The earliest detection of ProLock by Sophos was traced to a compromised server, most likely through exploitation of Remote Desktop Protocol (RDP).

Putting RDP access behind a virtual private network and using multi-factor authentication for remote access are just a couple of the best practices we recommend to reduce your ransomware risk.

For additional best practices, take a look at our guides Endpoint Protection Best Practices to Block Ransomware and Firewall Best Practices to Block Ransomware.

Net Universe offers all Sophos devices and subscriptions, as well as consulting services, with worldwide delivery.
Send us an email to [email protected] for more information or visit https://www.netuniversecorp.com/sophos.
