Prevent ransomware attacks and eliminate an attacker’s ability to spread through your network by enforcing MFA protection on PsExec, PowerShell, WMI, and more.
Block ransomware from spreading through your network using compromised credentials by placing MFA policies on PsExec, PowerShell, WMI and more.
Isolate and remediate compromised machines to prevent a ransomware attack from propagating through your network.
Layer up your security so you can contain the attack and materially limit the scope of an attack, even if the measures you already have in place to prevent ransomware delivery and execution are bypassed.
Multitude of ransomware attacks are launched via RDP and 82% of them are enabled by compromised credentials. Silverfort’s access policies eliminate attackers’ ability to use these vectors for ransomware delivery.
Silverfort’s risk engine immediately detects any anomalous authentication traffic that indicates attempted propagation via tools like CMD, PowerShell and more.
Leverage risk-based policies to trigger MFA upon access of machines or users at high risk, ensuring ransomware attacks are contained in the initially infected machine (‘patient zero’) with no further impact.
Since deploying Silverfort, we have applied security controls and MFA protection to legacy applications, a vital step in improving our environments against ransomware threats.
Kurt Gielen | IT Manager
The rise of ransomware attacks on healthcare providers made ZOL Hospital’s security team realize they had to enhance its ransomware protection. ZOL searched for a solution that could go beyond preventing execution: they needed a solution that halted the spread of ransomware through their environments.
Since deploying Silverfort, ZOL Hospital has proactively blocked all incoming malicious authentications, lateral movement attempts, and ransomware attacks. Any threat actor’s attempt to login to resources on ZOL’s environment with compromised credentials is thwarted by Silverfort’s policies, which either trigger MFA or block access altogether.
Ransomware is malware that encrypts the victim’s information to hold it to ransom. Ransomware will encrypt an organization’s critical and sensitive data and prevent users from accessing files, databases or applications. The attacker will demand a ransom in return for restoring access to the encrypted data. Ransomware is often designed to spread through a network and target database and file servers, meaning it can very quickly paralyze an entire organization.
Most ransomware attacks are executed over three stages:
The typical ransomware protection stack includes security measures against the delivery and execution stages, but offers no form of protection against the propagation stage. Ransomware propagation is typically carried out by connecting to multiple machines with compromised admin credentials. Since these credentials are valid, Active Directory treats it as a legitimate authentication and grants ransomware access.
Silverfort integrates with all Identity Providers (IDP) in the environment to perform continuous monitoring, risk analysis, and adaptive access policies on all access attempts made by all users to all on-prem and cloud resources. As a result, access to resources is never granted based on credentials alone. Rather, Silverfort’s risk analysis determines whether to allow access, request further authentication of identity through MFA, or block the access attempt altogether. Silverfort can enforce MFA protection on the command line interfaces (PsExec, Powershell, WMI, etc.) that ransomware payloads use to propagate through networks.
Silverfort’s risk engine immediately detects any anomalous authentication traffic that indicates attempted propagation via tools like CMD, PowerShell, and more.