Encryption is now used as a weapon,
holding companies’ and individuals’
critical data hostage
VOLUME 21, APRIL 2016
Growing Dominance of
Percentage of new families of misleading apps, fake security
software (Fake AV), locker-ransomware, and crypto-ransomware
Regularly back up ﬁles on both the client
computers and servers. Either back up the
ﬁles when the computers are ofﬂine or use a
system that networked computers and
servers can’t write to.
If you don't have dedicated backup software,
you can copy important ﬁles to a removable
media. Be sure to eject and unplug the
removable media when you're done.
If you pay the ransom:
● There’s no guarantee that the attacker will supply a
method to unlock your computer or decrypt your ﬁles.
● The attacker will likely use your ransom money to fund
attacks against other users.
Don’t pay the ransom.
New deﬁnitions are likely to detect and remediate the
Symantec Endpoint Protection Manager automatically
downloads virus deﬁnitions to the client, as long as
the client is managed and connected to the
Symantec Endpoint Protection Manager.
Secure them with a password and
access control restrictions.
Use read-only access for ﬁles on
network drives, unless it’s absolutely
necessary to have write access for these
ﬁles. Restricting user permissions limits
which ﬁles the threats can encrypt.
As with other security products, Symantec Endpoint Protection
cannot decrypt the ﬁles that ransomlockers
Attacking exploit kits can’t exploit
vulnerabilities that have been patched.
Historically, attacks were delivered
through phishing and web browsers.
In the future, it’s likely we’ll see more
attacks delivered through vulnerable
web applications, such as JBOSS,
WordPress, and Joomla.
Do this before the ransomware can attack
accessible network drives.
Use Symantec Endpoint
Protection (SEP) Manager
If you can identify the malicious
email or executable, submit it to
Symantec Security Response:
These samples enable Symantec to
create new signatures and improve
defenses against ransomware.
Submit the malware
to Security Response.
ﬁles from a known
All-Ransomware Crypto-Ransomware Crypto-Ransomware as % of All Ransomware
FakeAV Crypto-RansomwareLockersMisleading Apps
Crypto- Ransomware as
Percentage of All Ransomware
Although the chart indicates a steady decline in
traditional ransomware in 2015, crypto-ransomware
now accounts for the majority of all ransomware.
Pay Ransom PurchaseBack
’07’06’05 ’08 ’09 ’10 ’11 ’12 ’13 ’14 ’15
Back up your computers
and servers regularly.
Lock down mapped
IPS blocks some threats that traditional virus
deﬁnitions alone cannot stop.
SONAR provides real-time protection, using
heuristics and reputation data, to detect
emerging and unknown threats.
Insight quarantines questionable ﬁles that
haven’t been proven safe yet by the
Symantec customer base.
Deploy and enable
all Symantec Endpoint
Ransomware threats are often spread through
spam emails that contain malicious
attachments. Scanning inbound emails for
threats with a dedicated mail security product
or service is critical to keep ransomware and
other malware out of your organization.
For more information, see:
Use an email security
product to handle
Download the latest
patches and plug-ins.
How do I remove ransomware?
In almost all cases, ransomware encryption can’t be broken.
If your client computers get infected with ransomware and
your data is encrypted, follow the steps below.
DOWNLOAD THE FULL REPORT