Trend Micro | How to raise the protection level of your environment against Ransomware / Cryptolocker

The information below covers ransomware/CryptoLocker. Ransomware is very difficult to detect because new variants appear almost daily, which makes a signature-based approach hard to rely on. We therefore recommend implementing additional measures to raise the protection level of your environment. This information is available in our knowledge base articles. In OfficeScan versions 10.6 and 11 we introduced technologies, such as SPN and WRS/ERS, that should help protect even further. These are also covered in our best practices guides.

General articles

http://blog.trendmicro.com/trendlabs-security-intelligence/the-prevalence-of-crypto-ransomware/

http://blog.trendmicro.com/trendlabs-security-intelligence/ctb-locker-ransomware-includes-freemium-feature-extends-deadline/

Ransomware KB

http://esupport.trendmicro.com/solution/en-us/1099423.aspx

OfficeScan best practices

http://esupport.trendmicro.com/solution/en-US/1054115.aspx

Anti_Ransomware tool (police). Can be used on affected machines

http://esupport.trendmicro.com/solution/en-US/1097042.aspx

Overview of general-purpose tools for cleaning up machines (not specific to ransomware)

http://esupport.trendmicro.com/solution/en-us/1055290.aspx

Block CryptoLocker/ransomware in mail attachments

http://esupport.trendmicro.com/solution/en-us/1099665.aspx

http://esupport.trendmicro.com/solution/en-us/1099619.aspx

Given today’s threat landscape, enabling the following features should be a must:

Blocking EXE files within a ZIP file using Attachment Blocking in WFBS and SMEX

http://esupport.trendmicro.com/solution/en-us/1099619.aspx

Blocking EXE files within an archive or ZIP file in InterScan Messaging Security

http://esupport.trendmicro.com/solution/en-us/1099617.aspx

Enabling Meerkat in OfficeScan (OSCE) 11.0

http://esupport.trendmicro.com/solution/en-us/1103392.aspx
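What the two attachment-blocking items above (EXE files inside a ZIP or other archive) check for can be illustrated on a raw message. The following Python is an added example, not Trend Micro code or product configuration; the extension list, the nesting and size limits, the function names and the sample message are all assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = (".exe", ".scr", ".com", ".pif")  # assumed blocklist for this example
MAX_DEPTH, MAX_NESTED = 3, 50 * 2**20  # archive levels unpacked; bytes read per nested ZIP

def scan_zip(data, depth=1, prefix=""):
    """List members to block: executables by name or MZ header, plus unscannable archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [prefix + "<unreadable archive>"]
    hits = []
    for info in zf.infolist():
        path, head, nested = prefix + info.filename, b"", b""
        try:
            with zf.open(info) as fh:
                head = fh.read(4)
                nested = head + fh.read(MAX_NESTED) if head == b"PK\x03\x04" else b""
        except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
            pass  # encrypted or unsupported member: only its name can be checked
        if info.filename.lower().endswith(BLOCKED_EXT) or head[:2] == b"MZ":
            hits.append(path)
        elif nested:  # a ZIP inside the ZIP: recurse, or refuse when nested too deeply
            hits += scan_zip(nested, depth + 1, path + "!") if depth < MAX_DEPTH else [path + "!<too deep>"]
    return hits

def scan_message(raw):
    """Map each ZIP attachment's filename to the members that should cause a block."""
    verdict = {}
    for part in message_from_bytes(raw, policy=policy.default).iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload[:4] == b"PK\x03\x04" and (hits := scan_zip(payload)):
            verdict[part.get_filename()] = hits
    return verdict

def build_sample():  # constructed message: invoice.zip > docs.zip > two PE stubs
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.pdf.exe", b"MZ" + bytes(62))
        z.writestr("scan.jpg", b"MZ" + bytes(62))  # executable header behind an image name
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("docs.zip", inner.getvalue())
    msg = EmailMessage()
    msg.set_content("Please see attached.")
    msg.add_attachment(outer.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Checking the MZ header as well as the extension catches executables that were simply renamed; a password-protected member can only be judged by its name, which is why the blocklist is applied to names even when the content is unreadable.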

Sample Collection

  • To ensure that new variants of this malware family are detected, we need to continue collecting samples so they can be submitted for analysis and added to the patterns and solutions if needed.
  • This is best done by filtering and blocking email attachments using Trend Micro’s Messaging products. Refer to the following links:

http://esupport.trendmicro.com/solution/en-US/1099665.aspx

http://esupport.trendmicro.com/solution/en-US/1101849.aspx

  • Normal filtering configuration should be reverted once the alert has passed.
  • Collect and submit spam and all quarantined samples for sourcing and analysis.

For new cases you may upload 1 ZIP or RAR file (up to 50 MB) that is protected with the password “virus” to the following link:

http://esupport.trendmicro.com/en-us/business/pages/virus-and-threat-removal.aspx?utm_source=email-signature&utm_medium=tech-support&utm_campaign=Virus-Threat-Help

FTP will be helpful for other samples (ZIP or RAR files that are protected with the password “virus”).

2016-12-11T18:05:32+00:00 June 25th, 2016
SecureLink