Absolute Ransomware Response: Providing an advantage for preparedness and recovery

By: Torsten George | 4/14/2022 | 5 min read

Ransomware is one of the most significant threats to businesses worldwide. Cybersecurity Ventures predicts that organizations will face a new ransomware attack every two seconds by 2031, up from every 11 seconds in 2021.

A ransomware attack can cripple an organization in a matter of minutes, leaving it incapable of accessing critical data and unable to do business. But that’s not all - recent years have seen threat actors move from just infesting systems with ransomware to multi-faceted extortion where they publicly name (and shame) victims, steal data, and then threaten to release or sell it.

The need for preparedness and response

Because of this, it is important for organizations to increase ransomware preparedness and ensure that the tools needed for remediation, eradication, and recovery are not just in place, but also functioning as expected. This holds especially true for the recovery of endpoints, which represent an essential tool for remote workers to conduct their assigned business tasks in today’s work-from-anywhere environment. While recovery efforts for endpoints are still considered secondary given the importance of restoring critical infrastructure (e.g., Active Directory, database servers, application servers, message servers) and business applications, the shift to an anywhere workforce has put increased demands on already stretched IT and security teams when it comes to recovering employees’ devices.

Ransomware attacks often put endpoints in a state where they’re either open to reinfection, or almost impossible to re-image or recover because the necessary tools are no longer functioning. Ultimately, this creates increased challenges for IT and security teams that, by the time they are tasked with recovering their employees’ endpoints, have already exhausted their resources.

Increasing resiliency in ransomware response

In this context, we are excited to announce a new product offering, which was developed based on extensive experience responding to and recovering endpoints from ransomware incidents. Absolute Ransomware Response enables customers to assess their ransomware preparedness for endpoints and monitor endpoint cyber hygiene across their device fleet. It also allows for expedited endpoint recovery, leveraging Absolute’s always-on connectivity, automated restoration capabilities for key security and management tools (e.g., Microsoft® Endpoint Manager, Ivanti®, Tanium™, SentinelOne®, CrowdStrike™), and library of Absolute Reach scripts.

Absolute Ransomware Response combines several trusted Absolute product features with professional services elements, delivering the following capabilities:

Check Strategic Ransomware Readiness Across Endpoints

At the beginning of the engagement, a technical consultant will review a customer’s existing standard security controls across endpoints, identifying key controls (e.g., anti-virus/anti-malware, endpoint protection, or endpoint detection and response solutions) and device management tools that are required to minimize ransomware exposure and assure expedited recovery efforts.

Enable Ransomware Cyber Hygiene Across Endpoints

Establish application resilience policies to ensure that identified mission-critical security applications and device management tools are installed and functioning as intended. Train customer personnel on how to monitor application health and apply these baseline policies to new devices as they are enrolled.

Report on Hardware and Software Inventory 

Gain insights into hardware and software inventory, as well as hundreds of other data points.  

Assess Device Security Posture

Continuously detect and report on the health of anti-malware, as well as detection and response software, deployed across endpoint assets.

Discover Sensitive Endpoint Data

Scan endpoints for sensitive data like financial information, social security numbers, personally identifiable information (PII), protected health information (PHI), and intellectual property to identify at-risk devices and enable proper back-up via a customer’s existing tools. 

Secure, On-Device End User Communications

Inform users in a timely and coordinated fashion by displaying important messaging on their device screens, preventing unnecessary help desk support calls and fragmented communications.

Freeze At-Risk Devices

Freeze endpoints to preserve evidence for litigation purposes and potentially limit further spread of infection (e.g., through network quarantine of devices).

Expedite Recovery Tasks

Gather precise insights, execute custom workflows, and automate script commands to expedite device recovery by leveraging a library of custom scripts to assist with tasks like identifying machines that have been infected or have encrypted files on them, quarantining endpoints (e.g., disable networking or unlock specific device ports), or supporting the re-imaging of devices.

Self-Healing for Endpoint Security Tools

Keep mission-critical endpoint security tools (e.g., anti-virus/anti-malware, endpoint protection, or endpoint detection and response) installed, healthy, and working effectively to ensure availability for either restoration purposes or prevention of reinfection. 

Self-Healing for Device Management Tools

Keep essential device management tools (e.g., Microsoft Endpoint Configuration Manager, formerly Microsoft System Center Configuration Manager; Microsoft Intune, Ivanti Endpoint Manager) installed, healthy, and working effectively to ensure availability for recovery purposes. 

Assist in Ransomware Recovery for Endpoints

Remotely help with endpoint recovery efforts for up to two incidents per year, following a pre-defined playbook and leveraging Absolute’s product capabilities.

Gaining an advantage for ransomware preparedness and recovery

Absolute Ransomware Response yields the following benefits:

  • Identify key controls and device management tools required to minimize ransomware exposure across device fleet and assure expedited recovery efforts.
  • Establish a cyber hygiene baseline across Absolute registered endpoints.
  • Monitor endpoint security posture and automatically heal critical controls.
  • Expedite recovery efforts leveraging custom workflows and task automation commands.
  • Receive highly actionable recommendations and guidance to manage endpoint recovery efforts, putting fewer demands on hard-pressed IT admin and security teams.

Ultimately, Absolute Ransomware Response improves customers’ confidence in their ability to prepare for ransomware attacks and quickly recover endpoints from them. In the stress of incident response, Absolute provides one less thing to worry about as we face these threats together.

Absolute Ransomware Response is available for purchase for new customers as part of our Secure Endpoint product portfolio. These capabilities are also available as add-on modules for existing Absolute Control and Resilience service tier customers.

For more information, please visit here or contact us at [email protected]

 

 
