A new approach to Ransomware with Trend Micro

tm logo final sofsol.png
As the distributor for multiple brands of security software, we’ve had a number of queries from resellers nationwide asking the question “How can I secure my customers against Cryptolocker?” This form of Ransomware has been affecting more customers recently – and has caused havoc for not just SMB customers but Enterprise customers nationwide.Traditional anti-malware solutions aren’t able to combat this threat easily. This is because of the rapid evolution of the threat, in that a unique Ransomware threat can be created and deployed within 15 minutes. Pattern based anti-malware solutions become less effective in protecting against these threats – and a multi layered security strategy needs to be sought to protect users before the threat hits the customer. Moreover, code can enter an organisation in one form but evolve once it’s inside – even combine multiple elements from different sources – meaning a multi-layered solution is needed to neutralise the threat before it begins to work.

This post tells you about a couple of new tricks that Trend Micro has come up with, which are smart enough to detect and thwart ransomware.

At the Email Gateway:

Enabled at the email scanning level (the attack vector of choice), Trend Micro are able to identify possible social engineering attacks using SNAP (Social Networking Attack Prevention) then test them using Deep Discovery Analyser. Deep Discovery Analyser is a new technology that uses a secure sandbox environment that has the ability to accelerate time (up to one month’s time lapse processed in one minute), and if a payload is detected, it will block the e-mail message from being delivered.

Deep Discovery Analyser is included at no extra cost in Hosted Email Security (HES) and is a chargeable add-on for Trend Micro’s ScanMail plug-in for Microsoft Exchange and Lotus Domino and the on-premises email gateway InterScan Messaging Security Virtual Appliance (IMSVA). With ScanMail and IMSVA the end-user can modify and tune the sandbox settings to meet their own configuration needs. SNAP is included by default as a new feature in HES and IMSVA.

At the End-Point

Whether your customers are running an SMB solution (Worry-Free Security xxx) or an Enterprise solution (OfficeScan/Enterprise Security Suite xxx/Smart Protection Suite), these solutions now contain an anti-Ransomware capability which detects malicious behaviour and blocks processes that are commonly associated with Ransomware exploits. It also monitors for unauthorised file encryption and immediately blocks it before too much damage can be done.

Trend Micro have also released “Best Practice Guides” and information on addressing Ransomware, click on the links below to view:

To find out more about how Trend Micro solutions can protect your customers against Ransomware, and how we can assist you with delivering this under the Managed Services Provider (MSP) program or with perpetual licencing, please contact our Trend Micro team at trendmicro.