Sophos Central Endpoint Intercept X - The solution against ransomware

Patrizio - September 27, 2016

Let's face the facts. Anyone who goes online with a computer today is exposed to a host of dangers that can only be countered with a mixture of common sense, good virus protection and, ideally, a firewall with a web filter protecting the network. Shutting down your computer in the evening without having caught malware is becoming more and more of a challenge!

Ransomware has been in the headlines since November 2015, and for a long time there was no technical protection, only tips and advice for IT managers. With Sophos Intercept X, Sophos has now launched a product that supplements your existing endpoint security solution and can protect against ransomware, zero-day exploits and stealth attacks.

In this blog post we leave the classic viruses, worms and trojans behind and turn to a particularly nasty kind of malware: ransomware. We will also show you how Sophos can protect against this malware and which products are required.

What's ransomware?

Imagine you open an email attachment and suddenly a message appears on the screen saying that your data has just been encrypted and that you will not get it back until you pay a "ransom" for it. Payment is not made by a familiar method such as PayPal, credit card or bank transfer, because the transactions are meant to be as anonymous as possible and untraceable. As if you weren't stressed enough after this incident, you also have to deal with Bitcoins. Pretty bold, huh?

Ransomware - If you suddenly have to pay ransom for your data.

Today's hacker has found an incredibly effective way to make a lot of money in a very short time. The hacker, or rather the hacker organization, takes in enough money that a portion of it can be reinvested in spreading ransomware further. The danger that you or your company will become a victim is increasing. Think about what your company data would be worth to you.

In the following video, Sophos explains the topic in 90 seconds:

Ransomware does not disappear

Ransomware is currently the most effective attack, so it won't disappear so quickly. Your data is encrypted and if you want it back, you have to pay. Private individuals also have data, not just companies. So everybody's at risk. Companies simply bear the greater risk here, as more users access the same data. It is enough for a single employee to catch something and the group drive is encrypted and the company stops. For hackers, ransomware is a success story, because it is a billion dollar business! Those who have not yet done anything about it should definitely do something.

How can I protect myself against ransomware?

When the topic of "ransomware" came up in public, there were many advisors who showed IT managers what could be done about these crypto trojans. Basically, it was advised to train the employees, to actively draw attention to these dangers and to create regular backups of company data. There was no software solution that could have recognized such a trojan. Anti-virus software vendors were overwhelmed with these new and quite intelligent trojans and some vendors still are today. Sophos first launched a solution to combat advanced persistent threats (APTs) and zero-day malware in December 2015 with Sophos Sandstorm. That was a start, at least. If you want to protect against ransomware, we can recommend the all-new product Sophos Intercept X, which we believe should be installed on every endpoint.

Update: Meanwhile there are the new products Intercept X Advanced and Intercept X Advanced for Server.

Using Sophos Intercept X against ransomware

We believe that Sophos Intercept X is a must to effectively protect against these new threats. Intercept X is based on the technology of the security provider Surfright, which was acquired last year. The first product to be purchased was Sophos Clean. With Intercept X, this technology has now also been integrated into Sophos Central and enhanced with new features. Threat pattern detection relies on behavioral analysis, attack vectors and big data. This allows malware to be detected without the need for updates or signatures. Signatureless detection also has the advantage of protecting against unknown malware and attacks that use zero-day exploits.

CryptoGuard - An Anti-Ransomware Innovation

A component of Intercept X is CryptoGuard. This feature protects against ransomware and immediately detects when files are encrypted. If this happens, file encryption is blocked and already encrypted files are automatically recovered so that no data loss occurs.

You can see what this looks like in practice in this video:

The killer feature is the analysis

The icing on the cake comes at the end. Imagine that, despite all the protective measures, malware has made it into your network. How did this happen? Which devices have been infected and what should be done now? The "Root Cause Analysis Tool" of Intercept X can answer all these questions down to the smallest detail. A 360-degree visual analysis helps you find out where the attack took place, which parts of the system were affected and where it could have been stopped. In addition, recommendations for handling similar attacks in the future are provided. You can see exactly what this looks like in the following video:

Additional protection to the existing antivirus

Choosing the right antivirus package is almost overwhelming. There are Symantec, McAfee, Kaspersky, Trend Micro, Avira and Avast, to name a few. It is very likely that you are using one of these products. With Intercept X you don't have to change anything! Keeping your existing product is even desirable, because Sophos Intercept X can, or rather needs to, be installed in addition to an existing endpoint security solution from any vendor, which increases the level of security.

Intercept X is not an alternative to an antivirus; it is an additional protective layer.

Sophos Intercept X can also be used in conjunction with Sophos Central Endpoint Standard (NEW!) or Advanced, providing a powerful additional layer of protection.

Intercept X Management

Intercept X can be installed and managed from the cloud-based management console Sophos Central. Administrators can control and configure settings, issue licenses, add new endpoints and track all activities.

System requirements

Intercept X works alongside your existing antivirus software, whether this is McAfee, Kaspersky, Symantec, Trend Micro, Avira, Avast or some other endpoint protection.

According to our contact at Sophos, a Mac solution is on the way and will also be built into Intercept X.

Try Sophos Intercept X now!

You can try Sophos Intercept X for free for 30 days to see for yourself. You simply need a Sophos Central account.

If you don't have a Sophos Central account yet, you can create one on the Sophos website and try all features, including "Sophos Intercept X", free for 30 days.

If you already have a Sophos Central account and the 30-day trial period has expired, you can either order a "Sophos Intercept X" license from our store or you can choose our "Sophos Central subscription" and rent the licenses monthly according to the "Pay-As-You-Go" principle.

Ransomware Simulator

If you still don't trust this and feel protected against ransomware without Intercept X, then have a look at the independent and free test program "RanSim" by KnowBe4. With this tool you can test whether your system could be infected by ransomware.
