Fantom Ransomware: Looks Like Windows. Disrupts Like Hell.

Digital Internet securityAs if ransomware and Windows updates weren’t already challenging enough, a new threat pretends to be the latter but delivers the former.

If your organization has been in the process of deploying (or considering to deploy) Windows 10, then you already know about the issues regarding Microsoft’s shift to cumulative updates and the problems with third-party applications they’ve already caused at some companies.

Microsoft updates

Even if you’re not moving to Windows 10, you may still be affected by changes Microsoft is making to how it delivers updates to Windows 7 and Windows 8.1. And if you haven’t already, you should read the sagacious guidance offered in blog posts on these and related subjects by LANDESK Director of Product Management Stephen Brown and Senior Product Manager Chris Goettl.

In addition, you’ve doubtless heard and read about—or maybe even been affected by—ransomware.

Most ransomware infiltrates computer systems, locates and encrypts critical files, then demands payment of a ransom for access to the keys needed to restore access to those files. A recent variant, known as “Hitler ransomware,” threatens to encrypt critical files, but in reality, deletes them. (Read more about this variant in blog posts by me and Stephen.)

Fantom ransomware

And now, there’s Fantom. Once it gets into a system, it looks and acts like a legitimate critical Windows update. As reported by Lawrence Abrams of BleepingComputer.com and others, it even displays a realistic-looking screen that says the updates are being configured.

fantom

What’s really going on, though, is that the software is busily encrypting all the files it can find. It then displays a poorly written ransom note.

fantom2

Once that note appears, victimized users have no choice but to pay the ransom and hope that they receive the decryption keys promised by that ransom note. And that those keys actually restore access to all of their files, and that the malware infection doesn’t result in further mayhem.

This is only one recent variation on the ransomware theme. Others can be at least as disruptive to your users and your business, if not more so. A ransomware variant known as “Petya,” for example, ignores your files and goes directly after the master boot records and file tables that govern access to entire hard drives.

Ransomware webinar on September 14

All of this is why we’re having a ransomware update webinar on September 14, featuring Stephen Brown and Principal Product Manager Eran Livne. (Eran’s also written some sagacious and helpful guidance for combatting ransomware, as have other members of the LANDESK team. You can browse, read, and share these in our ransomware archive.)

It’s also why we continue to evolve our solutions for fighting ransomware. In the webinar, Stephen and Eran will describe some specific upcoming enhancements to LANDESK Security Suite that can help you to defeat even the newest ransomware variants, and keep your organization’s computers and users productive and operational.

Get and stay ahead of the bad guys developing and distributing ransomware. Protect your organization, its users, and its critical information. Start now by registering for the webinar today!

Also, be sure to get your free copy of our most popular white paper below.

Blog-CTA-Whitepaper-527x150

Saving Time, Money and Your Network With LANDESK

IT teams are constantly on the hunt for ways to save their organizations time and money. LANDESK’s portfolio of products is doing just that and MORE for its customers. The key is consolidation.

LANDESK has listened and learned from what IT professionals have been asking for and, as a result, has developed a feature-rich line that is meeting and exceeding the needs of consumers.

Everything you need in one place

“We had several different platforms to accomplish a bunch of different tasks,” said Chris Frediani, senior support specialist at NEPC, LLC. “What we wanted to accomplish by implanting LANDESK was to consolidate all those different tools into just one suite of tools.”

That’s exactly what you get with LANDESK. All the tools you need to manage your entire network — nicely packaged into one customizable platform.

“We are more efficient as a team when we just have one platform with all of the tools that we use every day, readily available in one system,” he said.

It’s a new level of efficiency that isn’t just saving customers minutes or hours, they’re shaving days off formerly time-consuming tasks.

“Before, we had this kind of archaic method of making sure that all of our endpoints were patched and within compliance standards. It would take two days to get the patching process started,” said Frediani. “Now, what used to a be a two-day thing is a 15-minute thing once a month.”

Going beyond IT management

In addition to saving time, LANDESK’s clients say they’re now able to go outside the normal bounds of IT management.

“One of the main things we wanted to accomplish with LANDESK Service Desk was to become more efficient, to get our processes nailed down, and to start rolling it out to other areas (besides IT) within our organization,” said Mike Abranink, desktop support analyst for the City of Leduc, a busy suburb of Edmonton, Alberta.

Abranink pocketed time he would have normally wasted traveling from desktop to desktop and was able to impress his bosses at the same time.

“It has made my life as a desktop analyst easier. I don’t have to go out to my users as often, it makes the distribution of software easier, and it makes tracking for our executive and CIOs easier,” he said. “One of the main benefits is through the built-in reports in LDMS. I’ve been able to pull reports that demonstrate to our executive and to our managers that by remotely controlling a desktop, we actually save time and money.”

Security-focused

Our focus isn’t just on saving you time and money; security is our number one priority. LANDESK’s security solutions are constantly on the prowl for possible vulnerabilities that threaten to wreak havoc on your system.

“The problem that we were facing when we first considered LANDESK was that we didn’t know what we didn’t know,” said Nick Gehr, enterprise support manager for Aviall. “Once we got it up and running in our environment, the light that shined on in every corner — that we just had originally no sense of awareness around — we were able to take action upon those.”

The unknown can be detrimental to a network. LANDESK’s solutions are helping IT managers seek and destroy hidden threats and keep your system protected.

“We discovered a ton of devices in our environment that weren’t being managed at all — that we didn’t even know were there until we spun up LANDESK Management Suite and it pointed them out to us,” said Frediani. “What you can do with just a couple of application platforms like LDMS and LDSD is pretty incredible.”

Businesses, corporations, and even cities are using LANDESK products to streamline their workflow and tailor IT management to the ever-changing needs of users and administrators.

“Some of the problems we were facing that made us consider LANDESK were that we started with a very small, out-of-the-box solution for a ticketing system that wasn’t meeting our needs. It wasn’t customizable; it didn’t let us have a process flow in it,” said Abranink. “LANDESK Service Desk addressed all the needs we had as we grew and it has scalability and functionality in it that’s hard to find in other places.”

Blog-CTA-Whitepaper-527x150

Why Failure to Sponsor ITSM Is Just Asking for Ransomware

Locky Ransomware virus“You are traveling through another dimension, a dimension not only of sight and sound but of mind. A journey into a wondrous land whose boundaries are that of imagination. Your next stop, the Twilight Zone!”

If you are even slightly connected on social media, maybe you have been feeling like I have lately: that you have mysteriously entered a parallel universe.

One universe is filled with rainbow-colored unicorns, where developers are magically empowered with unlimited knowledge of operational excellence. They also instinctively know the perfect customer experience (DevOps).

The other universe consists of a den of trolls who have maliciously infected every electronic device you own. What’s worse, they’ve systematically cooked up a scheme where you’re holding a winning lottery ticket, all so they can steal it from you and leave you holding the source code (SecOps).

Somewhere in the middle of all of this madness is reality.

As IT leaders, we must ground our ITSM disciplines in reality. In doing so, we recognize that ITSM is how IT gets work done. We need to understand that an appropriate balance is required in addressing any risk or opportunity.

There has always been a balancing act for our prioritization of IT resources.

CHEAP, SECURE, GOOD, or FAST. PICK TWO.

Let’s take a look at some realities. We’ll start with SecOps, and in particular, the immediate threat of ransomware.

REALITY: You are already hacked and it’s going to happen again.

How do I know this?

Ransomware and malware do not happen as a result of vulnerabilities. They happen as a result of failed ITSM sponsorship and support.

Failure to manage ITSM disciplines have enabled one or more of the following activities to take place within your environment:

  • Failure to sanction an approved software distribution program. Since users are not able to get software from the sanctioned self-service request catalog, they download and install applications on devices from other sources.
  • Failure to inventory software configuration items. With the lack of support to discover and document configuration items properly into your CMDB, management of applications (and particularly, their security) is impossible. Patch management is about updating the keys, but if you don’t know where the safes are and what type they are, your patch management is already flawed.
  • Business service models don’t exist. Failing to map critical business services and vital business functions to your technology assets removes the impact of vital decision making for access control, risk assessment, and recovery. IT works with limited resources, and this lack of intelligence is critical to change, access, and availability planning around high-value targets.
  • ITSM is focused on IT support and is separate from PMO and SDLC. Incident and request management is not ITSM. Relegating accountability for how IT gets work done to your service desk manager or director of IT operations is a critical management flaw. Asset acquisition starts with a project. Sourcing the IT asset or building it requires all parties to understand the risk levels involved. Once operational, this will directly impact response procedures, change authority, and other governance.
  • We don’t need ITSM; we outsource everything and use the cloud. Heaven help me!

BOTTOM LINE: Ransomware is a byproduct of failing to effectively sponsor ITSM enterprise-wide.

The following three tactical efforts need to happen to improve protection against ransomware and malware:

1. Establish critical business service mappings. Starting with customer-facing offerings, map the interfaces, technologies, and systems that support these customers. Define their value and risk to the business. Yes, this is hard and expensive. But try data hostage negotiations for a couple of weeks! This is a walk in the park compared to what could happen.

2. Establish the sanctioned enterprise architecture of approved and supported technologies. This definitive list should be tracked in your ITAM solution, mapped to the discovered inventory. It should be followed by a solid white-listing strategy and a rigorous “non-allowed” removal program to eliminate rouge (non-sanctioned) applications.

3. Redefine the accountability in your BYOD and cloud usage policies. Yes, it’s great that everyone wants to use their own devices for work. However, it must be crystal clear that their allowance for hijacking or malware is a personal liability. Arm your employees with security, inventory, and patch management tools that will ensure they are equipped to protect themselves, but more importantly, the corporate assets they access.

Clearly, it will take more than this to protect against ransomware. However, effective ITSM is already providing processes and tools to support these governance areas.

Is your ITSM lacking this level of governance focus or sponsorship? Talk to us about how to take your governance to the next level, and be sure to download our free whitepaper on how to prevent ransomware.

Blog-CTA-Whitepaper-527x150

Pokémon Go Ransomware: Don’t Catch This One

GettyImages-185127135It appears that this summer’s creature-catching craze has caught something of its own: ransomware.

Any type of digital, cultural phenomenon like Pokémon Go is likely to be exploited by malware writers, so it’s no surprise that Pokémon Go is now a transmitter of the malicious code.

Fun vs. fear

Just last week we learned of Hitler ransomware, which, as I noted, leverages fear by using an offensive image as a way to drive irrational behavior.

Pokémon Go appears to tap into the opposite emotion—fun—by riding the wave of this cultural juggernaut. Just as someone might panic to pay a ransom due to fear, someone might download a file without thought due to the overwhelming desire for fun.

Supply and demand

There are a few interesting economic considerations with this ransomware.

First off, as noted in the analysis by Bleeping Computer, this ransomware targets Windows computers, and apparently Arabic speakers, too, based on the image in the infected splash screen.

According to a recent CNET article, Pokémon Go isn’t even available in the Middle East yet, so any hype that is building in the media (and there is a lot) only accelerates that interest for countries that do not yet have the game.

Secondly, Pokémon Go is a mobile game, so the developers of this ransomware would need to con someone who doesn’t have a basic understanding of the game to download the application to their Windows computer on the assumption that they could get the game that way.

Considering that Pokémon Go started in the United States and has been rolling out primarily to Western countries first, it is easy to see how truth could be lost in translation, only to be exploited by unsuspecting victims.

Forbidden fun

Another interesting note is the fatwa against Pokémon games that was issued years ago by Saudi Arabia clerics and recently renewed due to issues around certain images and concepts including that of evolving the creatures.

Nothing drums up more interest than that which has been banned. Again, this is perhaps another emotion-based tactic used to lure unsuspecting victims into being exploited.

Ransomware’s future plans

Other interesting notes about this ransomware are the inclusions of a backdoor account called Hack3r which is created and hidden from users. There is no apparent use for the account except for perhaps as a seed for future devious use.

Also, there is the creation of a network share with no apparent use except as a potential delivery vehicle.

In addition to the network share, there is also an attempt to write to any removable media with and autorun entry that would attempt to launch the ransomware when loaded by other computers.

Finally, the executable is written to a drive other than C: with an autorun when the user logs into Windows. None of these techniques are new, but it appears that the authors were looking to develop something pervasive and easy to spread.

It appears that the ransomware is in development based on an incomplete encryption approach that uses a fixed key of 123vivalalgerie.

Also, the incomplete propagation techniques mentioned earlier indicate that this ransomware was caught early. Kudos to Michael Gillespie (@demonslay335) who caught this sample in the wild before it has evolved into something nastier.

Key takeaways

If there is one thing to learn with this latest ransomware discovery, it’s that malware writers leverage trending events and interests to drive the spread of their scams.

Ransomware hits at our digital hearts (our data) and therefore emotions are key to spreading and monetizing their work.

As always, beware of things that are too good to be true and take good precautions such as those listed in our article Everything You Need to Know to Prevent Ransomware.

Now back to capturing the local gym!

Blog-CTA-Whitepaper-527x150

Top 10 Most Shared Blog Posts From July 2016

GettyImages-480890367July was a hot month for LANDESK content, with nearly 1700 shares on our ransomware-related blog posts.

Our resident experts in the field—Product Manager Eran Livne; Director of Product Management Stephen Brown; and Chief Security Officer Phil Richards—each pulled from their vast amounts of knowledge and experience in the IT security space to contribute valuable insights on the topic.

Their prevention tactics, practical advice, and security solutions will help protect your business from cyber attacks.

In case you missed any of this great content, we’ve rounded up the top ten most popular blog posts from July. Starting with number ten:

10. Ransomware Bytes! How to Recover Quickly in 5 Steps

— By Stephen Brown

This post is most useful for those who have found themselves caught with ransomware. The important thing to do is not to panic and read on to find out what to do next.

9. 5 Ways Ransomware Might Make You Its Next Target

— By Eran Livne

From malicious email attachments to compromised websites, ransomware employs several insidious tactics to get into your system. Learn what they are so you won’t be the next target.

8. Satana, a New Strain of Ransomware That Mimics Petya Has Been Discovered

— By Eran Livne

Like any virus, ransomware is continuously mutating and presenting itself in different ways. Satana is one of the many newer strains to watch out for.

7. Q&A With Phil Richards, CSO: Vulnerability and How it Leads to Cybersecurity Attacks

Our Chief Security Officer, Phil Richards, gave us the rundown on system vulnerabilities and how they can lead to malicious attacks.

6. How to Stop Ransomware Once It’s Already on Your System

— By Eran Livne

As with post number ten, we want to help people recover from ransomware just as much as we want to help them prevent it. This post looks at what ransomware used to be in comparison to what it is now, and how you can stop its spread.

5. Ransomware: Should You Pay the Ransom?

— By Phil Richards

It’s a question everyone who gets infected by ransomware has to answer: Should you pay the ransom? Read on to find out the pros and cons.

4. Ransomware: The Threat and How to Protect Your Enterprise Part 1

— By Eran Livne

Your enterprise has a ton of valuable assets. Years and even decades worth of hard-earned data could all be wiped away with a cyber attack. Here’s how to protect all of that data in a few easy steps.

3. We Put Ransomware on Our Machine and Here’s What Happened

— By Eran Livne

Want to see what ransomware looks like? Check out the videos of us putting ransomware on our computer. (But don’t try this at home.)

2. Security Insider Stephen Brown Explains the Threat of Ransomware

How big of a problem is ransomware, anyway? From costing over $1 billion this year to managing multiple new mutations of the malware, Stephen Brown explains the threat in detail.

1. Infographic: The 8 Scariest Stats About Ransomware

Our number one most shared post is probably the scariest, not just because it gives visual representation of the statistics, but also because the statistics themselves are… well, scary. Read them at your own risk.

Blog-CTA-Whitepaper-527x150

Hitler Ransomware: How Low (and How Lame) Can They Go?

Red shield on a digital backgroundThe short answer to this question is pretty low and very lame.

Hitler ransomware, targeting Windows computers, was recently discovered and presents two newer angles to ransomware: an offensive presentation and the ability to destroy files without using encryption (ransom scams).

Offensive, fear-based presentation

Part of ransomware’s power is the ability it has to instigate fear in the user. Namely, the fear of losing personally valuable files. Anything that can exacerbate that fear–such as an offensive image–will trigger an even stronger primal response to protect at all costs (literally). This is the reaction that malicious developers are seeking.

As noted in an article on Hitler ransomware by Bleeping Computer, one of the elements that gives this variant of ransomware its name is the lock screen with a picture of Adolf Hitler.

He is giving his militaristic salute followed by a message that files have been encrypted and then demanding payment in the form of a Vodafone card.

Using universally-offensive imagery of a historical figure creates an immediate negative reaction in the user. This fear-based reaction, compounded by the ransom demand, is more likely to trigger irrational responses that lead to higher payments.

Crash and delete instead of encryption

The second element of this ransomware is an action other than encryption of files.

Hitler ransomware developers were either too lazy or too inept to develop encryption capabilities, so they simply decided to crash infected computers and, upon reboot, delete files.

The command used with this ransomware (del *.* /s /q) unfortunately doesn’t put files into the Recycle Bin, but a positive note is that there are many utilities available for recovering deleted files.

Key takeaways

Here few things to learn from this offensive ransomware:

  1. Implement some best practices, such as those in our article Everything You Need to Know to Prevent Ransomware, to prevent ransomware from affecting you.
  2. Use good Internet hygiene when it comes to opening attachments in email or browsing websites.
  3. If you or your business gets hit by ransomware, take a deep breath and don’t emotionally respond. Remember that fear is a tool that is used by ransomware authors.
  4. Not all files are permanently lost. In the case of Hitler ransomware, a file recovery tool may be able to help. Some ransomware has been cracked and there are utilities for decrypting files. Do some research or get an expert to help see if your data is recoverable.

Be safe out there and be sure to get your free copy of our white paper on how to protect against ransomware below.

Blog-CTA-Whitepaper-527x150

The Latest Shocking Ransomware Statistics and What You Need to Do

This past Wednesday, LANDESK hosted a webinar entitled “Ransomware: The NSA’s Top 10 Mitigation Strategies (and More).”

On that same day, ZDNet published an article that includes some fascinating—and frightening—findings from a recent survey of 540 CIOs, CISOs, and IT directors conducted by anti-malware specialists Malwarebytes.

Recent ransomware findings:

  • 40 percent of the businesses surveyed have suffered at least one ransomware attack in the past year.
  • 20 percent of the businesses surveyed “have had to stop operations entirely in the aftermath of a successful data breach.”
  • 34 percent of those businesses lost revenue as a result of ransomware attacks.
  • 60 percent of enterprise ransomware attacks each demanded a ransom of more than $1,000, and 20 percent demanded more than $10,000 each. Some ransom demands reported by survey respondents exceeded $150,000.
  • 63 percent of respondents said it took more than a full business day to install patches and “fix vulnerable endpoints” after a successful attack.

Perhaps most disturbingly, according to Malwarebytes, is that the number of exploit kits including instances of ransomware has increased by 259 percent in the past five months alone. And since exploit kits are designed to make hacking and malware delivery faster and easier, the number and severity of ransomware attacks are both likely headed in the same direction: up.

Given all of the above, it might be timely to assess your own enterprise’s preparedness to deal with ransomware. Fortunately for you, we’re here to help.

In our August 3 webinar, our Chief Security Officer Phil Richards summarized the findings and recommendations included in documents recently released by the U.S. National Security Agency (NSA), independently and in concert with more than a dozen other agencies.

He broke those findings and recommendations into six key areas. Here they are, ranked in order of importance based on poll question responses from webinar attendees.

Key recommendations:

  1. User education
  2. Data backup
  3. Network hardening
  4. Email hygiene
  5. System hardening
  6. Incident response

As Phil provided details about why each area is important and how best to implement it, I asked webinar attendees to indicate the implementation status of each at their own organizations. For each area, respondents were given four choices: comprehensive, extensive, limited, or none.

Here’s how the responses played out:

Category Comprehensive Extensive Limited None
User education 23% 18% 32% 27%
Data backup 45% 45% 9% 0%
Network hardening 32% 26% 37% 5%
Email hygiene 17% 56% 22% 6%
System hardening 26% 58% 11% 5%
Incident response 16% 32% 42% 11%

Respondents ranked user education as the most important of the six areas. However, more than a quarter of them said that their organizations have no formal user education processes or requirements in place.

This may explain why 52 percent of them said that user education is the anti-ransomware effort they expect to pursue most aggressively in the next six to 12 months.

In contrast, only four percent of respondents plan to pursue incident response most aggressively during the same period.

Given that 53 percent have only limited or no formal incident response processes in place across their enterprises, this could come back to haunt some of them should they experience a ransomware- or malware-driven incident.

If poll respondents from our webinar are indicative, ransomware priorities and preparations are all over the map for many enterprises. Possibly including your own, unless you already have or are moving toward comprehensive implementations across all six areas discussed above and in our webinar.

Otherwise, you should grab the on-demand version of our webinar to get Phil’s detailed and cogent implementation recommendations.

More ransomware resources

You should also definitely check out my colleague Eran Livne’s magnum opus, Everything You Need to Know to Prevent Ransomware, and some of the other blog posts we’ve produced on the subject.

And if you aren’t already using LANDESK Security Suite, AppSense Application Manager, or any of our other solutions for stopping ransomware and other threats in their tracks, you should at least be considering them. Contact your LANDESK or AppSense representative, or visit the product pages online to learn more or to request trials or demos. And come back here often to see our latest thinking and recommendations.

Ransomware is a real and growing threat, and we’re here to help you to avoid becoming its next victim.

Blog-CTA-Whitepaper-527x150

The Methods Behind the Ransomware Madness and How to Prevent an Attack

The majority of ransomware attacks today are infecting users’ machines using two main methods.

In this post, I will describe these two methods, as well as provide actionable tips on how to reduce the risk of these types of ransomware infecting your end users.

Distribution Method 1: Ransomware as an Attachment

Cybercriminals are using social engineering to trick users into opening attachments that are embedded into seemingly convincing and legitimate-looking emails.

In some cases, the attachment is the ransomware itself (i.e., running it will run the ransomware code), but since ransomware is just an executable, security solutions have a good chance of catching the ransomware and preventing it from running.

For this reason, many types of ransomware are using different attachmentsand not pure executablesto trick users into opening them.

The common attachment type, until recently, was Microsoft documents. Specifically, cybercriminals were utilizing Microsoft macro capabilities to download the ransomware executable and run it on the victim’s machine.

This poses two challenges for them:

  1. First, they need to convince the user to open the document.
  2. Second, since Microsoft by default requires the user to approve running a macro, the user has to be tricked to allow Microsoft to run the macro.

Both are accomplished by different tactics, and one example is described here. However, even without reading the blog, the screenshot below provides a simple example:

ransomware

Once the user enables macros, the macro will download the ransomware code and execute it in the background–effectively encrypting the victim’s files.

Warding off Ransomware as an Attachment

Tip 1: Protect against ransomware that uses Microsoft macros to download by disabling macros on end users’ machines. This will disallow users from running the macro and, as a result, the ransomware cannot be unleashed. LANDESK Security Suite provides an automated method for disabling macros on all endpoints, all of which can be done remotely from a central console.

As tricking users to run macros can be a bit challenging, cybercriminals have shifted their attention to a different kind of attachment: JavaScript-based ones.

In most cases, the attachment will actually be a ZIP file which includes the JavaScript malicious code. Users are tricked to open (unzip) the zip file and execute the JavaScript (.js) file inside it.

By default, Windows runs JavaScript code using the Windows script engine (wscript). Note that by default, JavaScript is not executed inside a web browser. The JavaScript code will download the ransomware code and execute it.

Tip 2: Protect against ransomware that uses JavaScript by preventing Windows from running the JavaScript code so users cannot run this malicious JavaScript code. This can also be done using LANDESK Security Suite, which allows you to define rules that prevent wscript (or any other scripting engine) from executing .JS (JavaScript) code.

Distribution Method 2: Compromised Websites

Like many other types of malware, ransomware is all about leveraging vulnerabilities. These vulnerabilities are mainly discovered in internet-facing applications such as web browsers, Adobe Flash and PDF Reader, Java, and others to infect the victim’s machine.

Using spam emails and other web technologies, the cybercriminals are doing a good job of convincing users to visit “their” websites. These websites were designed to detect the software used by the victim and apply the best exploit based on the software the victim is using. Once the exploit is applied, the ransomware is downloaded and executed on the victim’s machine.

Warding off Ransomware on a Compromised Website

Tip 3: Protect against ransomware that is spread via compromised websites by ensuring that your users’ software is up-to-date. This is especially important for internet-facing applications like web browsers, Adobe, Java and in many cases Microsoft Office.

Compromised websites are most likely to exploit known vulnerabilities in software as the cost involved in finding zero-day vulnerabilities is high and most users do not update their software, which means there is a good chance that users are still running software with known vulnerabilities that are easy to leverage.

Ensuring users are using the latest version of the software reduces dramatically the chance of a compromised website be able to infect the end user machine and successfully run a ransomware on that machine.

LANDESK Patch Manager allows security administrators to easily and cost-effectively scan for missing software patches (software updates) and install the latest software version remotely on each one of the end users’ machines. LANDESK Patch Manager also supports scanning and patching for most third party applications including all web browsers, Java, Adobe flash, PDF readers and Microsoft Office.

In addition, smart distribution and bandwidth management capabilities ensure that large and distributed deployments are possible.

Don’t catch ransomware on your system! Check out our free white paper below for more information on how YOU can avoid getting infected.

Blog-CTA-Whitepaper-527x150