Ransomware: Introduction, Prevention and Trend Micro Security Solutions



Learn how Trend Micro protects you against the latest WCRY (WannaCry) Ransomware and PETYA (2017) Ransomware attacks.


Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods in order to restore access to their systems, or to get their data back.

Ransomware can be downloaded by unwitting users who visit malicious or compromised websites. It can also arrive as a payload, either dropped or downloaded by other malware. Some ransomware are delivered as attachments to spammed email.

Once executed in the system, a ransomware can either (1) lock the computer screen or (2) encrypt predetermined files with a password.

In the first scenario, a ransomware shows a full-screen image or notification, which prevents victims from using their system. This screen also provides instructions on how users can pay the ransom.

The second type of ransomware encrypts files including word processing documents, spreadsheets, photos and other important files.

The cybercriminals behind ransomware make use of online payment methods such as Ukash, PaySafeCard, MoneyPAK or Bitcoin as a way for users to pay the ransom. However, paying the ransom doesn't guarantee the cybercriminal will restore your system or files to you.

Get the latest news and information on ransomware from our Security Intelligence blog here.

Watch our video on Ransomware here.

How do I prevent Ransomware infection?
To avoid being infected by Ransomware, take note of the following:
  • Always check who the email sender is
    If the email is supposedly coming from a bank, verify with your bank if the message is legitimate. If the email came from a personal contact, confirm if your contact sent the message. Do not rely solely on trust by virtue of relationship, as your friend or family member may be a victim of spammers as well.
  • Double-check the content of the message
    There are obvious factual errors or discrepancies that you can spot. Example, if your bank or a friend claims that they have received something from you, try to go to your recently sent items to double-check their claim. Such spammed messages can also use other social engineering lures to persuade users to open the message.
  • Refrain from clicking links in email
    In general, clicking on links in email should be avoided. It is safer to visit any site mentioned in email directly. If you have to click on a link in email, make sure your browser uses web reputation to check the link, or use free services such as Trend Micro Site Safety Center.
  • Always ensure your software is up-to-date
    Currently there are no known CryptoLocker that exploits vulnerabilities to spread, but it can’t be ruled out in the future. Regularly updating installed software provides another layer of security against many attacks.
  • Backup important data
    There is no known tool to decrypt the files encrypted by CryptoLocker. One good safe computing practice is to ensure you have accurate backups of your files. The 3-2-1 principle should be in play: three copies, two different media, one separate location. Windows has a feature called Volume Shadow Copy that allows you to restore files to their previous state, and is enabled by default. Cloud storage services can be a useful part of your backup strategy.

How can Trend Micro Security protect me from Ransomware?
Trend Micro™ Security offers protection against Ransomware by blocking these threats from possible points of infection. It prevents access to dangerous websites, including harmful links from social networks, spam and email messages. Most importantly, it detects and deletes Ransomware variants if found in the system.
These solutions are enabled by default. If for any reason they're not enabled, follow the steps below to enable them:
  1. Open the main console of your Trend Micro Security software. Do either of the following:
    • Double-click the Trend Micro  icon on your desktop.
    • Double-click the Trend Micro  icon on your system tray.
  2. Click Settings.
  3. If you've secured your settings with a password, a popup appears. Please enter your password to continue, then click OK.
  4. Under Scan Preferences, tick the following settings:
    • Scan for threats when opening, saving or downloading files
    • Protect documents against unauthorized encryption or modification.
    • Back up files encrypted or modified by suspicious programs.
  5. Click Apply, then click OK.

Enhance your Trend Micro Security’s Ransomware protection by setting up Folder Shield
Folder Shield is a new feature that protects your key documents from modification by malware or encryption by Ransomware. This is available on the latest version of Trend Micro Security, for more information check the topics below:

I get a pop-up message that says “Ransomware Program Blocked.” What should I do next?
You will see this notification from Trend Micro Security if there is suspected Ransomware activity found in your computer. We suggest that you click the recommended action which is in the OK button.
Suspicious Program blocked

I got infected by Ransomware. What should I do?
There are two (2) types of Ransomware: Lock Screen which limits the users from accessing the computer and Crypto (File Encryption)which encrypts files to limit users from accessing their files.

Can I talk to a specialist who can help me understand Ransomware?
Call Ransomware Hotline

Call our Ransomware Hotline to receive FREE Ransomware support.

North America


Monday to Friday (5AM - 8PM PST)

Chat with a Technical Support Engineer
Chat with our Technical Support to answer your Ransomware concerns.
  Start a chat  


Ransomware Protection banner
Applies To: Antivirus+ Security - 2015;Antivirus+ Security - 2016;Antivirus+ Security - 2017;Internet Security - 2015;Internet Security - 2016;Internet Security - 2017;Maximum Security - 2015;Maximum Security - 2016;Maximum Security - 2017;Premium Security - 2015;Premium Security - 2016;Premium Security - 2017;Titanium AntiVirus + - All;Titanium Internet Security - All;Titanium Maximum Security - All;

Last Updated: Jun. 27, 2017 11:45 PM (PST)
Solution ID: 1099580