I would like to know if only Intercept X is enough to protect a computer from Cryptolocker v3 and Sucylocker ransomware.
If it isn't enough, will Central InterceptX Advanced be the solution to fully protect the computer from ransomware?
I would like to know if only Intercept X is enough to protect a computer from ransomware like Cryptolocker v3, Sucylocker, Bluekeep, Wannacry, etc.
If it isn't enough, will Central Intercept X Advanced be the solution to fully protect the computer from ransomware?
The result of a test for Intercept X with this ransomware is shown in the following photos.
Carlos Raul Leon Quiroga
Undergraduate student, Telecommunications Engineering
Universidad Nacional de Ingeniería
Hello Carlos Raul Leon Quiroga,
I must admit that I was distracted by the seemingly duplicated post that just contained an additional picture, and at first I missed "The result of a test ...". Do I understand correctly that
Guess you're not using live ransomware but partially defanged samples?
Yes, the three items are true.
It is ok, that is my doubt.
I see.
As said, Intercept X assesses a process's behaviour. It is also "licensed to kill (processes)" and revert changes. Therefore it aims to be sure it doesn't disrupt operations. Keep in mind that encryption, extension change, or other operations ransomware performs might also be done by legitimate applications - even bulk operations. Therefore it makes sure it's not trigger-happy. The test might not contain some characteristic (e.g. communication with a C&C server) that positively identifies it as malicious.
If a guard in a public place is instructed to kill an attacker but naturally spare innocent persons - how would or could you test this?
I am curious because I have run my own tests with Ransomware against Sophos. In many cases the Ransomware appears to have executed, showing the same file lists as your pics. But are the files actually encrypted? Or did Sophos intervene and restore/prevent the actual encryption of the files?
"are the files actually encrypted?" It should be fairly easy to confirm or refute this, shouldn't it?
"did Sophos intervene?" If a process attracts attention and is subsequently deemed malicious it is stopped in its tracks. Unlikely (but not impossible) that the ransom note is displayed in this case but then the log (if it is genuine) should contain only a few entries.
As said, it's not easy to design a "test" that passes as the real thing ...
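
One way to confirm or refute whether the test files were actually encrypted, as an added example that is not part of the original thread or any Sophos tooling: snapshot the test folder's SHA-256 hashes and byte entropy before the test, then compare afterwards. The 7.0 bits/byte threshold, the appended-extension matching and the sample files are assumptions constructed for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

HIGH_ENTROPY = 7.0  # assumption: bits/byte above which content looks like ciphertext

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: str) -> dict:
    """Map each relative path under root to (sha256 hex digest, entropy)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            snap[os.path.relpath(full, root)] = (hashlib.sha256(data).hexdigest(), entropy(data))
    return snap

def compare(before: dict, after: dict) -> dict:
    """Classify each baseline file: intact, modified, encrypted-looking or missing."""
    report = {}
    for path, (digest, ent) in before.items():
        # Assumed heuristic: an appended extension (a.txt -> a.txt.locked) is the same file.
        candidates = sorted((p for p in after if p == path or p.startswith(path + ".")), key=len)
        if not candidates:
            report[path] = "missing"
            continue
        new_digest, new_ent = after[candidates[0]]
        if new_digest == digest:
            report[path] = "intact"  # never touched, or rolled back to the original bytes
        elif new_ent >= HIGH_ENTROPY and new_ent - ent >= 1.0:
            report[path] = "encrypted-looking"
        else:
            report[path] = "modified"
    return report

def demo() -> dict:
    """Constructed data: text files, one replaced by random bytes as a stand-in for ciphertext."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("a.txt", "b.txt", "c.txt"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"quarterly report draft\n" * 200)
        before = snapshot(root)
        with open(os.path.join(root, "a.txt"), "wb") as fh:
            fh.write(os.urandom(4096))
        os.rename(os.path.join(root, "a.txt"), os.path.join(root, "a.txt.locked"))
        os.remove(os.path.join(root, "c.txt"))
        return compare(before, snapshot(root))
```

A file reported as "intact" after the ransom note appeared means its bytes match the baseline, which is what you would expect if the process was stopped and the changes were reverted.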