Unavoidable ransomware trap (patent pending), directly targets ransomware's core business logic, makes it impossible to fulfill its goal for ransom demanding. The design and implementation goes into Windows system kernel, watching for ransomware's behavior, stops it at run time and restores encrypted user data file:   

  • Unavoidable ransomware trap specially designed for ransomware detection and user data files restoring. This feature is built into TXShield EDR, but it can also be a stand-alone function for integration.
  • Ransomware incident investagtion capability quickly identifies encrypted files and provides accurate scope of the problem. This feature is built into TXHunter. If no TXShield agent is installed, one can use TXHunter on-demand agentless or offline operation to perform the post ransomware incident investigation.
  • Proactive investigation, scheduled to run periodically such as daily or weekly, routinely checks for all kinds of malicious activities and mis configurations, to identify potential threats and weakness before attacks.
Ransomware investigation

Ransomware investigation

If you haven't installed TXShield agent and attacked by ransomware, you can still use TXHunter ondemand agent to perform a quick investigation to find out how many and what are those files encrypted by the ransomware, what infection the ransomware has done to your system, and how to stop and clean it up. The whole process takes about a few minutes. Through this click and perform investigation process, you will understand the scope of the problem and what steps needed to mitigate the attack.