Ransomware attacks—in which malware attempts to encrypt your critical data files, and demands payment in exchange for the encryption key—are a growing problem for businesses of all sizes. In fact, Crypto-ransomware variants—ransomware that uses advanced techniques to avoid detection—are on the rise, accounting for more than a third of all ransomware types found in infected systems in the third quarter of 2014.
Backup not enough
A complete defense against ransomware must include a good backup strategy. However, even when you can re-image quickly using cloud backup systems, you can’t avoid some operational disruption. Far better to detect and eliminate crypto-ransomware before it can affect your data.
The limits of signature matching
Signature-matching technology continues to be a central element of Trend Micro endpoint defense, accounting for more than 1.4 billion blocked items per month. Signatures are a very high performance method to swat away known malware. However, in the era of advanced malware (including crypto-ransomware), signature matching by itself can’t protect you completely.
OfficeScan anti-ransomware capabilities
For several years, Trend Micro™ OfficeScan™ has gone beyond signature matching with advanced behavioral monitoring, memory inspection other next generation techniques to spot malware. OfficeScan v11 SP1, augments these techniques with improved ransomware-specific enhancements. OfficeScan now uses all of the following anti-ransomware capabilities:
|
|
Application whitelisting
Trend Micro Endpoint Application Control gives you an additional layer of protection on endpoints. Whitelisting capabilities help prevent unwanted and unknown applications (like ransomware and zero-day malware) from executing. You deploy policies that only allow your trusted applications and block all untrusted files/applications. If you purchased one of the Trend Micro Smart Protection Suites, you may already have the license for this protection—be sure you’ve activated it.
Anti-ransomware with Trend Micro email gateway security
Trend Micro™ Hosted Email Security and Trend Micro™ InterScan™ Messaging Security Virtual Appliance, our cloud-based and on-premises email gateway security solutions, both filter malicious and spam email before it hits your corporate network.
In addition, both solutions provide advanced capabilities to detect ransomware:
|
|
Connected Threat Defense
Our endpoint solutions integrate with Trend Micro™ Deep Discovery network breach detection, which uses a custom sandbox environment to safely execute suspicious samples (ransomware, zero-day malware, and others) detected by the network, web, or email gateways. If sandbox analysis discovers malicious code, Deep Discovery rapidly responds by delivering real-time signature updates to your endpoints. Local threat detection and response enables faster time-to-protection and reduces the spread of ransomware and other malware in your organization.
Clean up your systems
In the event of a successful attack, Trend Micro provides cleanup tools that remove the malware and prevent its spread to other endpoints.
