By: Farooq | November 03, 2016

What is Ransomware?

Ransomware is a type of malware that locks, encrypts, or otherwise prevents data and systems from being accessed by their owners, and requires victims to pay a ransom to the criminal responsible for the attack in order to regain access.

It is primarily distributed via exploit kits, social engineering schemes and spam emails that are sent to a large number of email addresses. When a recipient opens a malicious attachment or clicks a compromised link, the malware is downloaded onto the user’s system.

The fear of losing priceless data can push users to pay the ransom—and while they may opt to pay, having their files unlocked or decrypted is never guaranteed.

Protecting from Ransomware

Ransomware has rapidly emerged as a significant threat to businesses and organizations of all sizes. In this day and age where data is invaluable, cybercriminals are taking advantage of people who don’t know a lot about malware behaviour.

You need a plan to minimize the risk of this high-profile threat, so that you can avoid the business disruption, loss of productivity, damage to brand reputation and legal implications that come along with recovering from a ransomware attack.

Defeating Ransomware with Trend Micro

There is no silver bullet when it comes to ransomware or security for that matter; it requires a multi-layered, step-by-step approach for the best risk mitigation.


It all starts with your users. They’re the most vulnerable when it comes to ransomware – whether it’s falling for a phishing email or clicking on a malicious URL, users are the easiest target for attackers. Trend Micro has blocked over 99 million ransomware threats since October 2015, and 99 percent of those were found in malicious emails or web links. By blocking ransomware at the email and web gateway, you can prevent it from ever reaching your users.


Trend Micro detected 99 percent of ransomware threats in email messages or web links. That still leaves 1 percent that could make it through to your endpoint.

Trend Micro Smart Protection Suites deliver several capabilities that minimize the risk of ransomware to your endpoints, including:

• Behaviour Monitoring: watches for suspicious behaviour associated with ransomware, such as the rapid encryption of multiple files, so that the encryption process can be automatically stopped and the endpoint isolated before the ransomware can spread and cause more damage to your data.

• Application Control: dynamically and automatically creates application whitelists, which allow only known good applications to execute and prevent the execution of unknown applications such as ransomware.

• Vulnerability Shielding: protects you from ransomware that takes advantage of unpatched software vulnerabilities, which exploit kits target in attacks. This includes shielding end-of-support systems like Windows XP.


Email and web are common ways ransomware enters your organization, but other network protocols and attack methods can expose you to ransomware. That’s why you need a network defence strategy that stops ransomware from accessing and spreading within your network.


Ransomware is increasingly targeting servers, including recent high-profile examples like SAMSAM, where attackers are targeting known software vulnerabilities to inject ransomware. Attacks on your servers, where the majority of your critical data resides, can be particularly disruptive to your business.

• Suspicious Activity Detection and Prevention: If ransomware attempts to gain a foothold in a data centre (e.g. via a compromised user connecting to a file server), Deep Security can detect suspicious network activity and prevent it from continuing, while also alerting that there is an issue.

• Vulnerability Shielding: Protects servers and applications from ransomware attacks by shielding them against exploits of known software vulnerabilities that could be used to inject ransomware, including in end-of-support systems like Windows 2003.

• Lateral Movement Detection: If ransomware should get into the data centre, Deep Security can also help to minimize the impact by detecting and blocking it from spreading to more servers.

