It all starts with your users. They’re the most vulnerable when it comes to ransomware – whether it’s falling for a phishing email or clicking on a malicious URL, users are the easiest target for attackers. Trend Micro has blocked over 99 million ransomware threats since October 2015, and 99 percent of those were found in malicious emails or web links. By blocking ransomware at the email and web gateway, you can prevent it from ever reaching your users.
Trend Micro detected 99 percent of ransomware threats in email messages or web links. That still leaves 1 percent that could make it through to your endpoint.
Trend Micro Smart Protection Suites deliver several capabilities that minimize the risk of ransomware to your endpoints, including:
· Behaviour Monitoring: for suspicious behaviour associated with ransomware, such as the rapid encryption of multiple files, so that the encryption process can be automatically stopped and the endpoint isolated, before the ransomware can spread and cause more damage to your data.
· Application Control: dynamically and automatically creates application white lists, which will only allow known good applications to execute, and prevent the execution of unknown applications such as ransomware.
· Vulnerability Shielding: protects you from ransomware that takes advantage of unpatched software vulnerabilities, a target for exploit kits in attacks. This includes shielding end-of-support systems like Windows XP.
Email and web are common ways ransomware enters your organization, but other network protocols and attack methods can expose you to ransomware. That’s why you need a network defence strategy that stops ransomware from accessing and spreading within your network.
Ransomware is increasingly targeting servers, including recent high profile examples like SAMSAM, where attackers are targeting known software vulnerabilities to inject ransomware. Attacks on your servers, where the majority of your critical data resides can be particularly disruptive to your business.
• Suspicious Activity Detection and Prevention: If ransomware attempts to gain a foothold in a data centre (e.g. via a compromised user connecting to a file server), Deep Security can detect suspicious network activity and prevent it from continuing, while also alerting that there is an issue.
• Vulnerability Shielding: Protects servers and applications from ransomware attacks by shielding them against exploits of known software vulnerabilities that could be used to inject ransomware, including in end-of-support systems like Windows 2003.
• Lateral Movement Detection: If ransomware should get into the data centre, Deep Security can also help to minimize the impact by detecting and blocking it from spreading to more servers.