Ransomware Protection

Prevent ransomware attacks and eliminate an attacker’s ability to spread through your network by enforcing MFA protection on PsExec, PowerShell, WMI, and more.

The Power
of MFA

Block ransomware from spreading through your network using compromised credentials by placing MFA policies on PsExec, PowerShell, WMI and more.

Attack Surface

Isolate and remediate compromised machines to prevent a ransomware attack from propagating through your network.

Last Line of

Layer up your security so you can contain the attack and materially limit the scope of an attack, even if the measures you already have in place to prevent ransomware delivery and execution are bypassed.

Watch demo video

Protect against remote delivery of ransomware

Multitude of ransomware attacks are launched via RDP and 82% of them are enabled by compromised credentials. Silverfort’s access policies eliminate attackers’ ability to use these vectors for ransomware delivery.

Detect any attempt to automatically propagate ransomwares

Silverfort’s risk engine immediately detects any anomalous authentication traffic that indicates attempted propagation via tools like CMD, PowerShell and more.

Prevent the spread of ransomware with adaptive policies

Leverage risk-based policies to trigger MFA upon access of machines or users at high risk, ensuring ransomware attacks are contained in the initially infected machine (‘patient zero’) with no further impact.

ZOL Hospital
Case Study

Since deploying Silverfort, we have applied security controls and MFA protection to legacy applications, a vital step in improving our environments against ransomware threats.

Kurt Gielen | IT Manager

  • Customer Challenge

    The rise of ransomware attacks on healthcare providers made ZOL Hospital’s security team realize they had to enhance its ransomware protection. ZOL searched for a solution that could go beyond preventing execution: they needed a solution that halted the spread of ransomware through their environments.

  • Silverfort Solution

    Since deploying Silverfort, ZOL Hospital has proactively blocked all incoming malicious authentications, lateral movement attempts, and ransomware attacks. Any threat actor’s attempt to login to resources on ZOL’s environment with compromised credentials is thwarted by Silverfort’s policies, which either trigger MFA or block access altogether.

Stop Identity Threats Now

Frequently Asked Questions

  • What is a ransomware attack?

    Ransomware is malware that encrypts the victim’s information to hold it to ransom. Ransomware will encrypt an organization’s critical and sensitive data and prevent users from accessing files, databases or applications. The attacker will demand a ransom in return for restoring access to the encrypted data. Ransomware is often designed to spread through a network and target database and file servers, meaning it can very quickly paralyze an entire organization.

  • How do ransomware attacks work?

    Most ransomware attacks are executed over three stages:

    1. Initially, the attacker will deliver the ransomware payload to the target machine.
    2. They will then execute the payload to encrypt or delete data files on the machine.
    3. The final stage is propagation, where the attacker spreads the ransomware across multiple machines within the environment to encrypt their data files as well.
  • Why is the propagation of ransomware the biggest threat?

    The typical ransomware protection stack includes security measures against the delivery and execution stages, but offers no form of protection against the propagation stage. Ransomware propagation is typically carried out by connecting to multiple machines with compromised admin credentials. Since these credentials are valid, Active Directory treats it as a legitimate authentication and grants ransomware access.

  • How can Silverfort protect against incoming ransomware attacks?

    Silverfort integrates with all Identity Providers (IDP) in the environment to perform continuous monitoring, risk analysis, and adaptive access policies on all access attempts made by all users to all on-prem and cloud resources. As a result, access to resources is never granted based on credentials alone. Rather, Silverfort’s risk analysis determines whether to allow access, request further authentication of identity through MFA, or block the access attempt altogether. Silverfort can enforce MFA protection on the command line interfaces (PsExec, Powershell, WMI, etc.) that ransomware payloads use to propagate through networks.

  • Can Silverfort protect from automated ransomware propagation attempts?

    Silverfort’s risk engine immediately detects any anomalous authentication traffic that indicates attempted propagation via tools like CMD, PowerShell, and more.