For ransomware/CryptoLocker we have the following information available. Ransomware is very difficult to detect because new variants appear almost daily, which makes it very hard to protect against with a signature-based approach. We therefore recommend implementing additional measures to raise the protection level of your environment. This information is available in our knowledge base articles. Within OfficeScan we have introduced technologies (in versions 10.6 and 11), such as SPN and WRS/ERS, that should help to protect even further. This is also mentioned in our best practices guides.
OfficeScan best practices
Anti_Ransomware tool (police). Can be used on affected machines
Overview of general tools to clean up machines for general purposes (not specific to ransomware)
Block CryptoLocker/ransomware in mail attachments
Enabling the following features should be a must given today’s threat landscape:
Blocking EXE files within a ZIP file using the Attachment Blocking of WFBS and SMEX
Blocking EXE files within an archive or ZIP file in InterScan Messaging Security
Enabling Meerkat in OfficeScan (OSCE) 11.0
- To ensure that new variants of this malware family are detected, we need to continue collecting samples so they can be submitted for analysis and added to the patterns and solutions if needed.
- This is best done by filtering and blocking email attachments using Trend Micro’s Messaging products. Refer to the following links:
- Normal filtering configuration should be reverted once the alert has passed.
- Collect and submit spam and all quarantined samples for sourcing and analysis.
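The attachment check behind the EXE-in-ZIP blocking recommended above, sketched in Python as an added example; it is not Trend Micro product code or configuration. The extension list, limits, function names and sample message are assumptions constructed for illustration, and the sketch goes one step further than a flat check by following ZIPs nested inside ZIPs.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXT = (".exe", ".scr", ".com", ".pif")  # assumed list, for illustration
MAX_DEPTH, MAX_MEMBER = 3, 50 * 2**20  # assumed limits: nesting depth, bytes read

def scan_zip(data, depth=0):
    """Return the blocked member names in a ZIP, following nested ZIPs."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]  # fail closed
    hits = []
    for info in zf.infolist():  # names are listed even when contents are encrypted
        name = info.filename.lower().rstrip(". ")
        if name.endswith(BLOCKED_EXT):
            hits.append(info.filename)
        elif name.endswith(".zip"):
            if info.flag_bits & 0x1 or depth >= MAX_DEPTH or info.file_size > MAX_MEMBER:
                hits.append(info.filename + " <nested archive not inspected>")
            else:
                hits += [f"{info.filename}/{h}" for h in scan_zip(zf.read(info), depth + 1)]
    return hits

def blocked_attachments(raw_message):
    """Map each ZIP attachment's file name to the blocked members inside it."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    verdict = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload[:4] == b"PK\x03\x04":  # ZIP magic, whatever the attachment is called
            hits = scan_zip(payload)
            if hits:
                verdict[part.get_filename()] = hits
    return verdict

def build_sample():
    """Constructed sample mail: invoice.zip -> inner.zip -> invoice.exe (dummy bytes)."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.exe", b"dummy bytes, not an executable")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("inner.zip", inner.getvalue())
    msg = EmailMessage()
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(outer.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

Calling `blocked_attachments(build_sample())` reports the nested `invoice.exe` under `invoice.zip`; a gateway would quarantine any message for which the returned mapping is not empty.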
For new cases you may upload 1 ZIP or RAR file (up to 50 MB) that is protected with the password “virus” to the following link:
FTP will be helpful for other samples (ZIP or RAR files that are protected with the password “virus”).