New in 2023.9: Ransomware Rollback

  • September 4, 2023
  • 3 min read

In the event of a ransomware attack, backups can be a life saver – or, more accurately, a data saver. But what if your backups get deleted or encrypted? This has become a standard tactic in ransomware attacks and it can leave you without any way to recover your files – except for paying the ransom, that is, but nobody wants to be forced to do that. This is where our new Rollback feature comes into play. You can think of it as a bacon-saving backup for your backups.

Rollback is a feature of the Endpoint Detection and Response (EDR) component of Emsisoft Enterprise Security, and here’s how it works. If a potential incident is identified by MITRE rules, a backup of any files which are altered during that incident will be automatically created, enabling you to easily and quickly revert the system to the prior state in the event of unwanted changes. The backups are not Volume Shadow Copy snapshots – which ransomware can also delete  – and are safely stored in a secure vault which cannot be deleted or encrypted.

If you need to revert a system to a previous state, simply go to the Incidents panel in your workspace, select the incident and click the ‘Remediate’ button. If Rollback is available for that incident, the “Remediation” dialog will provide the required options to undo whatever changes the untrusted program made.

We should say here that our products are specifically designed to stop ransomware in its tracks, long before it can encrypt your files, and this means you’ll almost certainly never need to use Rollback. We’ve developed the feature simply as a safety net that provides you with an additional recovery option in the very – very – unlikely event that an attack succeeds.

Some important points:

We’re also introducing a new Remediation History feature. Accessed via the Incidents panel, it’s a scrollable log which shows all remediation actions that were taken on all devices in your workspace in relation to any specified threat. The feature makes it easy for you to see exactly what actions were taken in response to any particular incident.

All enhancements and improvements in a nutshell

Device protection (desktop)

Management console (web app)

How to obtain the new version

So long as you have auto-updates enabled, you will receive the latest version automatically during your regularly scheduled updates.

Emsisoft Endpoint Protection: Award-Winning Security Made Simple

Experience effortless next-gen technology. Start Free Trial

Note to Enterprise users: If you have chosen to receive “Delayed” updates, client systems will receive the new version no earlier than 30 days after the regular “Stable” availability.

Emsi

Emsi

Emsisoft founder and managing director. In 1998 when I was 16, a so called 'friend' sent me a file via ICQ that unexpectedly opened my CD-ROM drive, which gave me a big scare. It marked the start of my journey to fight trojans and other malware. My story

What to read next