Traps 4.1 strengthens ransomware prevention by adding new capabilities: monitoring for ransomware behavior and, upon detection, shutting down the attack, and blocking new exploit techniques leveraged during the recent WannaCry and NotPetya attacks. This latest version also brings granular child process protection and DLL examination into Traps’ long list of anti-malware preventions.
Most ransomware causes damage in seconds, far too quickly for endpoint detection and response or manual intervention, neither of which will fix compromised user machines or a vulnerable organization.
Those relying on signature updates have large windows of vulnerability. While the speed of signature updates has improved, if an organization in a signature-based threat-sharing community is infected, it can take hours or days to create and distribute a signature from “patient zero” – much longer than the minutes ransomware needs to spread to other machines.
“Ransomware as a service” gives even novice attackers access to advanced techniques. Furthermore, recent leaks, along with the re-emergence of exploits to circumvent the need for user action, have given rise to script-based and file-less attacks that pose issues for products or tools that rely heavily on analyzing file characteristics.
Enter Traps 4.1, with enhanced kernel exploit protection and behavior-based ransomware protection:
Enhanced kernel exploit protection: New kernel exploit prevention protects against exploit techniques used to execute malicious payloads, such as those seen in WannaCry and NotPetya. By blocking processes from accessing injected malicious code, Traps can prevent attacks early in the attack lifecycle without impacting legitimate processes.
Behavior-based ransomware protection: This release of Traps introduces a capability solely focused on ransomware, rather than malware in general. In addition to existing preventions, Traps will now monitor specifically for ransomware behavior and, upon detection, block the attack and encryption of customer data without interfering with legitimate encryption tools.