5 steps for preventing ransomware


Upload: rapidsslonlinecom

Post on 16-Jan-2017


Encryption is now used as a weapon, holding companies’ and individuals’ critical data hostage

Internet Security Threat Report, VOLUME 21, APRIL 2016

[Chart: Growing Dominance of Crypto-Ransomware. Percentage of new families of misleading apps, fake security software (Fake AV), locker-ransomware, and crypto-ransomware.]

Regularly back up files on both the client computers and servers. Either back up the files when the computers are offline or use a system that networked computers and servers can’t write to.

If you don't have dedicated backup software, you can copy important files to removable media. Be sure to eject and unplug the removable media when you're done.
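One way to tell later whether a backup is still "known good", as an added example that is not part of the Symantec infographic: record a SHA-256 manifest when the files are copied to the removable media, and check the copy against it before restoring. The function names and the sample files are constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def back_up(source: Path, dest: Path) -> dict:
    """Copy every file under source to dest; return {relative path: SHA-256}."""
    manifest = {}
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, target)
        manifest[rel.as_posix()] = sha256_file(src)  # hash of the original
    return manifest


def verify_backup(dest: Path, manifest: dict) -> dict:
    """Compare the backup copy with its manifest before restoring from it."""
    present = {p.relative_to(dest).as_posix() for p in dest.rglob("*") if p.is_file()}
    common = present & set(manifest)
    return {
        "missing": sorted(set(manifest) - present),
        "modified": sorted(r for r in common if sha256_file(dest / r) != manifest[r]),
        "unexpected": sorted(present - set(manifest)),
    }


def demo() -> dict:
    """Constructed sample: back up two files, then tamper with the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "docs"), Path(tmp, "removable")
        (src / "hr").mkdir(parents=True)
        (src / "report.txt").write_text("Q1 figures")
        (src / "hr" / "staff.csv").write_text("name,role\n")
        manifest = back_up(src, dst)
        clean = verify_backup(dst, manifest)
        # Simulate a backup that stayed writable from an infected machine.
        (dst / "report.txt").write_bytes(b"\x00constructed ciphertext\x00")
        (dst / "README_DECRYPT.txt").write_text("constructed ransom note")
        return {"clean": clean, "tampered": verify_backup(dst, manifest)}


if __name__ == "__main__":
    print(demo())
```

Keep the manifest somewhere the backed-up computers cannot write to; otherwise it can be altered along with the files.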

If you pay the ransom:

● There’s no guarantee that the attacker will supply a method to unlock your computer or decrypt your files.

● The attacker will likely use your ransom money to fund attacks against other users.

Don’t pay the ransom.

New definitions are likely to detect and remediate the ransomlockers.

Symantec Endpoint Protection Manager automatically downloads virus definitions to the client, as long as the client is managed and connected to the Symantec Endpoint Protection Manager.

Secure them with a password and access control restrictions.

Use read-only access for files on network drives, unless it’s absolutely necessary to have write access for these files. Restricting user permissions limits which files the threats can encrypt.

As with other security products, Symantec Endpoint Protection cannot decrypt the files that ransomlockers have sabotaged.

Attacking exploit kits can’t exploit vulnerabilities that have been patched. Historically, attacks were delivered through phishing and web browsers.

In the future, it’s likely we’ll see more attacks delivered through vulnerable web applications, such as JBOSS, WordPress, and Joomla.

Do this before the ransomware can attack accessible network drives.

Use Symantec Endpoint Protection (SEP) Manager

If you can identify the malicious email or executable, submit it to Symantec Security Response: Symantec.com/security_response

These samples enable Symantec to create new signatures and improve defenses against ransomware.

Submit the malware to Security Response.

Isolate the infected computer.

Restore damaged files from a known good backup.

Protection Against Ransomware

[Chart: Crypto-Ransomware as Percentage of All Ransomware. Series: all ransomware, crypto-ransomware, and crypto-ransomware as % of all ransomware, by month, 2015.]

Steps for preventing ransomware

Although the chart indicates a steady decline in traditional ransomware in 2015, crypto-ransomware now accounts for the majority of all ransomware.


Back up your computers and servers regularly.

Lock down mapped network drives.

IPS blocks some threats that traditional virus definitions alone cannot stop.

SONAR provides real-time protection, using heuristics and reputation data, to detect emerging and unknown threats.

Insight quarantines questionable files that haven’t been proven safe yet by the Symantec customer base.

Deploy and enable all Symantec Endpoint Protection technologies.

Ransomware threats are often spread through spam emails that contain malicious attachments. Scanning inbound emails for threats with a dedicated mail security product or service is critical to keep ransomware and other malware out of your organization.

For more information, see: Symantec.com/connect/articles/support-perspective-w97mdownloader-battle-plan

Use an email security product to handle email safely.

Download the latest patches and plug-ins.

How do I remove ransomware?

In almost all cases, ransomware encryption can’t be broken. If your client computers get infected with ransomware and your data is encrypted, follow the steps below.
