Sophos Managed Threat Response (MTR) service

Businesses large and small are under threat from increasingly aggressive and brutal ransomware attacks. Loss of access to critical files, followed by a demand for payment, can cause massive disruption to an organization’s productivity.
But what does a typical attack look like? And what security solutions should be in place to give the best possible defense?

Staying secure against ransomware isn’t just about having the latest security solutions. Good IT security practices, including regular training for employees, are essential components of every single security setup. Make sure you’re following these 10 best practices:

1. Patch early, patch often

Malware that doesn’t come in via a document often relies on security bugs in popular applications, including Microsoft Office, your browser, Flash, and more. The sooner you patch, the fewer holes there are to be exploited.

2. Backup regularly and keep a recent backup copy off-line and off-site

There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop, or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands. Furthermore, a disaster recovery plan that covers the restoration of data and whole systems.

3. Enable file extensions

The default Windows setting is to have file extensions disabled, meaning you have to rely on the file thumbnail to identify it. Enabling extensions makes it much easier to spot file types that wouldn’t commonly be sent to you and your users, such as JavaScript.

4. Open JavaScript (.JS) files in Notepad

Opening a JavaScript file in Notepad blocks it from running any malicious scripts and allows you to examine the file contents.

5. Don’t enable macros in document attachments received via email

Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure. A lot of infections rely on persuading you to turn macros back on, so don’t do it!

6. Be cautious about unsolicited attachments

The crooks are relying on the dilemma you face knowing that you shouldn’t open a document until you are sure it’s one you want, but you can’t tell if it’s one you want until you open it. If in doubt leave it out.

7. Monitor administrator rights

Constantly review admin and domain admin rights. Know who has them and remove those who do not need them. Don’t stay logged in as an administrator any longer than is strictly necessary and avoid browsing, opening documents, or other regular work activities while you have administrator rights.

8. Stay up to date with new security features in your business applications

For example, Office 2016 now includes a control called “Block macros from running in Office files from the internet,” which helps protect against external malicious content without stopping you from using macros internally.

9. Regulate external network access

Don’t leave ports exposed to the world. Lock down your organization’s RDP access and other management protocols. Furthermore, use two-factor authentication and ensure remote users authenticate against a VPN.

10. Use strong passwords

It sounds trivial, but it really isn’t. A weak and predictable password can give hackers access to your entire network in a matter of seconds. We recommend making them impersonal,
at least 12 characters long, using a mix of upper and lower case and adding a sprinkle of random punctuation Ju5t.LiKETh1s!


Ransomware attacks are only increasing in complexity and are getting more efficient at exploiting network and system vulnerabilities, leaving organizations with a significant clean-up bill. Modern firewalls are highly effective at defending against these types of attack, but they need to be given the chance to do their job. In this whitepaper we will discuss how these attacks work, how they can be stopped and best practices for configuring your firewall and network to give you the best protection possible.
Ransomware attackers are becoming increasingly sophisticated and professional in their approach. They’re targeting larger organizations, infecting hundreds of computers within them, and demanding higher ransoms. Furthermore, the costs incurred from the downtime of these attacks are skyrocketing; crippling organizations in the process.
But what has caused this shift in focus towards larger enterprises? Who and what are the main threats? And what security solutions should be in place to safeguard against these types of attacks?

Thirty years on from the world’s first cyber ransomware attack, cybercriminals continue holding organizations hostage, maliciously encrypting their files
and demanding hefty ransoms for the safe return of the data. Indeed, while headlines come and go, ransomware remains stronger than ever, with six- and seven-figure ransom demands now commonplace.
This paper explores the reasons behind ransomware’s longevity, including the factors that have enabled it to get faster, smarter, and deadlier over the years, and what we must learn from this history if we are to minimize our risk of attack in the future.


The world’s best visibility, protection, and response.

Sophos XG Firewall provides comprehensive next-generation firewall protection that exposes hidden risks, blocks unknown threats, and automatically responds to incidents.

Exposes hidden risks

Sophos XG Firewall provides unprecedented visibility into top risk users, unknown apps, advanced threats, suspicious payloads and much more. You also get rich on-box reporting included at no extra charge and the option to add Sophos iView for centralized reporting across multiple firewalls.

Blocks unknown threats

Sophos XG Firewall provides all the latest advanced technology you need to protect your network from ransomware and advanced threats including top-rated IPS, Advanced Threat Protection, Cloud Sandboxing, Dual AV, Web and App Control, Email Protection and a full- featured Web Application Firewall. And it’s easy to setup and manage.

Automatically responds to incidents

XG Firewall is the only network security solution that is able to fully identify the source of an infection on your network and automatically limit access to other network resources in response. This is made possible with our unique Sophos Security HeartbeatTM that shares telemetry and health status between Sophos endpoints and your firewall

Potent, powerful ... fast

We’ve engineered XG Firewall to deliver outstanding performance and security efficiency for the best return on your investment. Our appliances are built using Intel multi-core technology, solid-state drives, and accelerated in-memory content scanning. In addition, Sophos FastPath packet optimization technology ensures you’ll always get maximum throughput.

Simply manage multiple firewalls

Sophos Central is the ultimate cloud-management platform - for all your Sophos products. It makes day-to-day setup, monitoring, and management of your XG Firewall easy. It also provides helpful features such as alerting, backup management, one-click firmware updates and rapid provisioning of new firewalls. Optionally, Sophos Firewall Manager (SFM) provides powerful multi-device management tools for easy provisioning of consistent policies across your entire estate. And if you also want to consolidate reporting across multiple XG, SG, and Cyberoam appliances you can easily do that with Sophos iView.
sophos, interceptx_learn_more, EDR


End-to-End Endpoint Protection

To stop the widest range of threats, Sophos Intercept X employs a comprehensive defense-in-depth approach to endpoint protection rather than simply relying on one primary security technique. This is the “the power of the plus” – a combination of leading foundational (traditional) and modern (next-gen) techniques. Intercept X integrates the industry’s top-rated malware detection and exploit protection with built-in endpoint detection and response (EDR).

Harness the power of a deep learning neural network

Drive threat prevention to unmatched levels. The artificial intelligence built into Intercept X is a deep learning neural network, an advanced form of machine learning that detects both known and unknown malware without relying on signatures.
Deep learning makes Intercept X smarter, more scalable, and higher-performing than endpoint security solutions that use traditional machine learning or signature-based detection alone.