Combatting Ransomware with Trend Micro Endpoint Solutions: New Capabilities


Ransomware attacks—in which malware attempts to encrypt your critical data files, and demands payment in exchange for the encryption key—are a growing problem for businesses of all sizes. In fact, crypto-ransomware variants—ransomware that uses advanced techniques to avoid detection—are on the rise, accounting for more than a third of all ransomware types found in infected systems in the third quarter of 2014.

 

Backup not enough

A complete defense against ransomware must include a good backup strategy. However, even when you can re-image quickly using cloud backup systems, you can’t avoid some operational disruption. Far better to detect and eliminate crypto-ransomware before it can affect your data.

The limits of signature matching

Signature-matching technology continues to be a central element of Trend Micro endpoint defense, accounting for more than 1.4 billion blocked items per month. Signatures are a very high-performance method to swat away known malware. However, in the era of advanced malware (including crypto-ransomware), signature matching by itself can’t protect you completely.

OfficeScan anti-ransomware capabilities

For several years, Trend Micro™ OfficeScan™ has gone beyond signature matching with advanced behavioral monitoring, memory inspection, and other next-generation techniques to spot malware. OfficeScan v11 SP1 augments these techniques with improved ransomware-specific enhancements. OfficeScan now uses all of the following anti-ransomware capabilities:

  • Minimize false positives with cloud and local whitelists to leave known good processes alone.
  • Block recognizable malware using existing prevention/detection layers (at the file level with signatures, or on smaller fragments found through unpacking/memory inspection).
  • Improve risk assessment by correlating findings on unknown items with data from the Trend Micro™ Smart Protection Network™ (SPN) global threat intelligence system. If an item is unknown to SPN or has only been seen very rarely, it is flagged as more suspicious.
  • Detect hidden malware activity with behavior-monitoring techniques that spot patterns of unusual or malicious activity. To better spot crypto-ransomware, OfficeScan now specifically watches for unknown processes encrypting or modifying files. Plus, we continually update the behavioral patterns in order to improve ransomware detection rates even more.
  • Kill ransomware processes and quarantine affected endpoints instantly, to dramatically minimize data loss and reduce or block spread of the ransomware.

NOTE: Trend Micro is responding with new advanced capabilities that enhance endpoint protection against these ransomware attacks. (Download the latest anti-ransomware patches for OfficeScan™ v11 SP1, Worry-Free™ Standard/Advanced v9.0 SP2, and Worry-Free™ Services here.)

Application whitelisting  

Trend Micro Endpoint Application Control gives you an additional layer of protection on endpoints. Whitelisting capabilities help prevent unwanted and unknown applications (like ransomware and zero-day malware) from executing. You deploy policies that only allow your trusted applications and block all untrusted files/applications. If you purchased one of the Trend Micro Smart Protection Suites, you may already have the license for this protection—be sure you’ve activated it. 

Anti-ransomware with Trend Micro email security

Trend Micro™ Hosted Email Security and Trend Micro™ InterScan™ Messaging Security Virtual Appliance, our cloud-based and on-premises email security solutions, both filter malicious and spam email before it hits your corporate network.

In addition, both solutions provide advanced capabilities to detect ransomware:

  • Spot document exploits and zero-day threats with the Advanced Threat Scan Engine, which combines pattern-based and heuristic scanning.
  • Safely analyze suspicious documents by executing in a sandbox environment (optional with InterScan Messaging Security Virtual Appliance). 

Connected Threat Defense

Our endpoint solutions integrate with Trend Micro™ Deep Discovery network breach detection, which uses a custom sandbox environment to safely execute suspicious samples (ransomware, zero-day malware, and others) detected by the network, web, or email gateways. If sandbox analysis discovers malicious code, Deep Discovery rapidly responds by delivering real-time signature updates to your endpoints. Local threat detection and response enables faster time-to-protection and reduces the spread of ransomware and other malware in your organization.

Clean up your systems

In the event of a successful attack, Trend Micro provides cleanup tools that remove the malware and prevent its spread to other endpoints.



from Trend Micro Simply Security http://ift.tt/1NkHkoI