Ransomware: Introduction, Prevention and Trend Micro Security Solutions
- Solution ID: 1099580
- Last Updated: Oct. 23, 2019 10:03 PM (PST)
- Applies to: Antivirus+ Security - 2018; Antivirus+ Security - 2019; Antivirus+ Security - 2020; Internet Security - 2018; Internet Security - 2019; Internet Security - 2020; Maximum Security - 2018; Maximum Security - 2019; Maximum Security - 2020; Premium Security - 2018; Premium Security - 2019; Premium Security - 2020
- What is Ransomware?
Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to restore access to their systems, or to get their data back.
Ransomware can be downloaded by unwitting users who visit malicious or compromised websites. It can also arrive as a payload, either dropped or downloaded by other malware. Some ransomware is delivered as an attachment to spam email.
Once executed in the system, ransomware can either (1) lock the computer screen or (2) encrypt predetermined files with a password.
In the first scenario, a ransomware shows a full-screen image or notification, which prevents victims from using their system. This screen also provides instructions on how users can pay the ransom.
The second type of ransomware encrypts files including word processing documents, spreadsheets, photos and other important files.
The cybercriminals behind ransomware make use of online payment methods such as Ukash, PaySafeCard, MoneyPAK or Bitcoin as a way for users to pay the ransom. However, paying the ransom doesn't guarantee the cybercriminal will restore your system or files to you.
To avoid being infected by Ransomware, take note of the following:
- Always check who the email sender is
If the email is supposedly coming from a bank, verify with your bank if the message is legitimate. If the email came from a personal contact, confirm if your contact sent the message. Do not rely solely on trust by virtue of relationship, as your friend or family member may be a victim of spammers as well.
- Double-check the content of the message
There are obvious factual errors or discrepancies that you can spot. For example, if your bank or a friend claims to have received something from you, check your recently sent items to verify the claim. Such spammed messages can also use other social engineering lures to persuade users to open the message.
- Refrain from clicking links in email
In general, clicking on links in email should be avoided. It is safer to visit any site mentioned in email directly. If you have to click on a link in email, make sure your browser uses web reputation to check the link, or use free services such as Trend Micro Site Safety Center.
- Always ensure your software is up-to-date
Currently there are no known CryptoLocker variants that exploit vulnerabilities to spread, but this can't be ruled out in the future. Regularly updating installed software provides another layer of security against many attacks.
- Backup important data
There is no known tool to decrypt the files encrypted by CryptoLocker. One good safe computing practice is to ensure you have accurate backups of your files. The 3-2-1 principle should be in play: three copies, two different media, one separate location. Windows has a feature called Volume Shadow Copy that allows you to restore files to their previous state, and is enabled by default. Cloud storage services can be a useful part of your backup strategy.
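A backup only counts toward 3-2-1 if it still matches the known-good file. The Python sketch below is an added example, not Trend Micro code: it checks a constructed inventory of copies against a recorded SHA-256 hash, and the `BackupCopy` fields, media labels and file names are assumptions made for illustration.

```python
import hashlib
import tempfile
from dataclasses import dataclass
from pathlib import Path


@dataclass
class BackupCopy:
    path: Path     # where this copy lives
    media: str     # free-form media label (assumed naming, e.g. "usb-drive")
    offsite: bool  # True if kept at a separate location


def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):  # chunked read
            digest.update(chunk)
    return digest.hexdigest()


def check_321(copies: list, expected_sha256: str) -> dict:
    """Evaluate 3-2-1 using only copies whose content matches the expected hash."""
    good, bad = [], []
    for copy in copies:
        ok = copy.path.is_file() and sha256_of(copy.path) == expected_sha256
        (good if ok else bad).append(copy)
    return {
        "three_copies": len(good) >= 3,   # assumption: working file counts as one
        "two_media": len({c.media for c in good}) >= 2,
        "one_offsite": any(c.offsite for c in good),
        "failed": [c.path.name for c in bad],
    }


def demo() -> dict:
    """Constructed sample: the off-site copy is out of date, so it is not counted."""
    with tempfile.TemporaryDirectory() as tmp:
        copies = [
            BackupCopy(Path(tmp, "working.docx"), "internal-disk", False),
            BackupCopy(Path(tmp, "usb.docx"), "usb-drive", False),
            BackupCopy(Path(tmp, "cloud.docx"), "cloud", True),
        ]
        for copy in copies:
            copy.path.write_bytes(b"budget v1" if copy.offsite else b"budget v2")
        return check_321(copies, hashlib.sha256(b"budget v2").hexdigest())

if __name__ == "__main__":
    print(demo())
```

Record the expected hash while the file is known to be good; a hash taken from a file that has already been encrypted would validate the wrong content.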
Trend Micro™ Security offers protection against Ransomware by blocking these threats from possible points of infection. It prevents access to dangerous websites, including harmful links from social networks, spam and email messages. Most importantly, it detects and deletes Ransomware variants if found in the system.
These solutions are enabled by default. If for any reason they're not enabled, follow the steps below to enable them:
- Open the main console of your Trend Micro Security software. Do either of the following:
  - Double-click the Trend Micro icon on your desktop.
  - Double-click the Trend Micro icon on your system tray.
- Click Settings.
- If you've secured your settings with a password, a popup will appear. Please enter your password to continue, then click OK.
- Under Scan Preferences, tick the following settings:
  - Scan for threats when opening, saving or downloading files
  - Protect documents against unauthorized encryption or modification
  - Back up files encrypted or modified by suspicious programs
- Click Apply, then click OK.
Folder Shield is a new feature that protects your key documents from modification by malware or encryption by Ransomware. This is available on the latest version of Trend Micro Security. For more information check the topics below:
- How do I use Folder Shield?
Learn about the Folder Shield feature of your Trend Micro Security software.
Follow the instructions on how to use Folder Shield in this article: Using the Folder Shield feature of Trend Micro Security
- I am running an older version, how can I upgrade to get this feature?
Learn how to upgrade your Trend Micro program to the latest version for free.
Follow the instructions on how to upgrade in this article: Upgrading Trend Micro Security to the latest version
You will see this notification from Trend Micro Security if suspected Ransomware activity is found on your computer. We suggest that you take the recommended action by clicking the OK button.
Download our free Decrypt Tool to attempt to retrieve files encrypted by a Crypto Ransomware.
Follow the instructions on how to use the tool in this article:
Downloading and Using the Trend Micro Ransomware File Decryptor
Alternatively, restore encrypted files manually after a Crypto Ransomware infection. Follow the instructions in this article:
Restoring encrypted files after CryptoLocker Ransomware infection