Though the existing body of research provides significant discussion of ransomware details and capabilities, the research body as a whole is fragmented. The wide range of features available in different families and versions of ransomware further complicates their detection and analysis. Although the ransomware attack strategy seems to be simple, security specialists rank ransomware as a sophisticated attack vector with many variations and families. The majority of ransomware families request a ransom payment to restore a custodian's access or to decrypt data that was encrypted by the ransomware earlier. The “freezing” of suspicious e-mails is also part of Hornetsecurity ATP.

In spite of being just a few years old, ransomware is quickly becoming a serious threat to our digital infrastructures, data and services. To achieve this, Hornetsecurity ATP uses various detection mechanisms: in addition to a sandbox, URL rewriting and URL scanning are also used. The service protects against attacks with ransomware such as Locky, Tesla or Petya, filters out phishing mails and fends off so-called blended threats. Here, for example, an anti-ransomware scanner such as the cloud solution Advanced Threat Protection from Hornetsecurity can help. However, if it is a question of protection against infected emails, an extended spam filter should be used. This is also where classic virus scanners, such as GDATA, which take action against all types of malware, help. However, the most sensible solutions are those that detect ransomware before it reaches the computer. If the ransomware has not yet been activated, an up-to-date anti-virus program will help. If the ransomware is already on the computer, it is usually already too late. This resulted in a large number of successful ransomware attacks on companies.
So WannaCry used a gap in outdated Windows systems (EternalBlue).
If you are still using Windows 7 or even Windows XP today, you should not be surprised if your computer is infected and encrypted. The older the software, the more entry points are known and available. Updating the systems is also absolutely necessary. This way the malware distributes itself in the network within a very short time. This feature allows ransomware to spread within the local network in individual cases. Microsoft’s Remote Desktop Protocol is often used as a vulnerability. Therefore, it is important that you enable the viewing of file extensions in your email client settings.

Closing vulnerabilities is also very important. Unintentionally, the infected files are opened and the ransomware is executed. The display of file extensions is deactivated by default in most email clients, which is why the user usually cannot recognize the format of the file at first glance. Well camouflaged, emails reach the computer of an employee in the target company as PDF, EXE or JPEG files. A cloud solution for companies would be a great possibility for data backup.

For ransomware attacks, email is primarily used. The backup can be done manually or automatically. In this way an older version without infection can be uploaded. If an attack is successful, it is important to have up-to-date backups available. These include URL rewriting and URL scanning. Hornetsecurity Advanced Threat Protection (ATP) offers solutions on a broad basis. A contaminated attachment, which has been packed several times and made unrecognizable, is recognized by the virus scanner of Hornetsecurity and categorized as spam.

Advanced Threat Protection goes one step further and reliably detects ransomware attacks as well as various types of malware that are still unknown. With one of the highest detection rates on the market (99.99%), 18 different virus scanners check email traffic.