Netherlands: Security

Trend Micro Ransomware Solution Brief


SOLUTION BRIEF • PROTECT YOUR ORGANIZATION FROM RANSOMWARE

EMAIL AND WEB PROTECTION

It all starts with your users. They're the most vulnerable when it comes to ransomware – whether it's falling for a phishing email or clicking on a malicious URL, users are the easiest target for attackers. Trend Micro has blocked over 99 million ransomware threats since October 2015, and 99 percent of those were found in malicious emails or web links [1]. By blocking ransomware at the email and web gateway, you can prevent it from ever reaching your users.

Using Microsoft Office 365 for Email?

Even though you are relying on a cloud-based email solution with built-in security, you are still highly vulnerable to ransomware attacks via phishing emails or malicious attachments. That's where Trend Micro can help. Trend Micro Cloud App Security has blocked more than 2 million threats that weren't detected by the built-in Office 365 security, augmenting built-in security to detect ransomware with:

• Malware scanning and file risk assessment
• Sandbox malware analysis
• Document exploit detection
• Web reputation

Relying on an Email Gateway for on-premises Email Protection?

Improve your email gateway ransomware detection rates. Trend Micro™ Deep Discovery™ Email Inspector uses advanced detection techniques to identify and block spear phishing emails that are often used to deliver ransomware to unsuspecting employees. By working seamlessly, and in tandem, with your existing email gateway or server security products, Email Inspector can detect and block purpose-built spear phishing emails, which use malicious attachments and URLs as common delivery vehicles for ransomware.

Email Inspector delivers:

• In-depth analysis of email attachments and URLs, including: Office Docs (+macros), PDFs, archives, executables, scripts, multimedia, and more
• In-depth virtual analysis of URLs, including: URLs embedded in body or subject of messages and URLs embedded within documents
• Script emulation and zero-day exploit detection to detect ransomware and related activity, including: mass file modifications, encryption behavior and other modifications

Minimizing the Risk from Web Traffic

Beyond email, your users are susceptible to ransomware by clicking on web sites that are either intentionally malicious, or have been compromised. Trend Micro™ InterScan™ Web Security protects your users on the web with:

• Scanning for zero-day exploits and browser exploits, which are common paths ransomware uses to enter your organization
• Integration with Trend Micro™ Deep Discovery™ for sandbox analysis
• Real-time web reputation to determine if a URL is a known delivery vehicle for ransomware

Known Ransomware Threats

PowerWare – This malware has the ability to enumerate all logical drives, including drives mapped to shared networks. This puts an entire network at risk and could be a major threat to enterprises.

PETYA – Can overwrite an affected system's master boot record to lock users out. Infected units receive the ransom note when they boot up the system and can't go any further. It is delivered to victims via legitimate cloud storage services.

KeRanger – An encryption malware that is the first crypto-ransomware for Mac and is installed via an open source file-sharing application. Creators of the malware used a Mac app developer certificate to get past Apple Gatekeeper, a security feature that allows users to restrict which sources they can install apps from.

SAMAS (also known as SAMSAM) – The first ransomware that has the ability to encrypt files across networks, threatening an organization's database and network-stored backups. Users of SAMAS are known to manually locate and delete network backups to force companies to pay ransom.

Locky – Searches for and deletes Volume Shadow Copies of files, which are automatic backup files for Windows.

MAKTUBLOCKER – The encryption method of this ransomware is similar to most, but its infection vector is unique. It comes in the form of an email that has the user's name and mailing address, making the email seem trustworthy. When they download the attached file, the ransomware is activated.

[1] Trend Labs, April 2016
