Ransomware
Effective ransomware solutions to protect your critical data
Ransomware is a common method of cyber extortion for financial gain. It’s a type of attack that instantly prevents users from interacting with their files, applications or systems until the victim pays the ransom and the attacker restores access with a decryption key.
Advanced detection and prevention supported by actionable threat intelligence is the best defense against ransomware and other advanced attacks. The FireEye solution defends against the growing and ever-changing ransomware threat. It provides real-time, inline ransomware protection for multiple attack vectors to prevent or interfere with the activation of ransomware and protect you from financial loss and business disruption.
Video
See How to Stop the WannaCry Ransomware
How does the FireEye ransomware solution work?
Every component of the FireEye solution is a step toward stronger cyber security. Combining the following components contributes to the strongest possible defense against ransomware.
FireEye Email Security
Offline and cloud-based analysis are often too slow to stop ransomware from encrypting your systems and data. FireEye Email Security deployed inline, either on premise (EX) or cloud based (ETP), operates as a mail transfer agent (MTA) and quarantines, analyzes and blocks ransomware emails before they reach the recipient.
Enhanced email security with a store and forward architecture and near-real time speed effectively stops many attacks before they occur with minimal business lag.
FireEye Endpoint Security
Endpoints and their users are the starting point for ransomware attacks. An attack often uses hard-to-detect discreet processes that exploit a vulnerability in a common application. FireEye Endpoint Security detects and analyzes these processes to determine if an exploit is taking place, giving analysts the information needed to stop an incident. And it provides needed visibility into endpoints so analysts can conduct detailed investigations to curtail damage and adapt the defense against further attack.
FireEye Network Security
Ransomware intrusion involves three main stages: initial infection, file encryption and command-and-control (CnC) server access. FireEye Network Security identifies the attack process and detects and blocks communication between the servers that deliver encrypted malicious code to the victim and for callback.
Where sandbox solutions consistently fail, FireEye Network Security succeeds because the Multi-Vector Virtual Execution™ (MVX) engine at its heart can readily analyze traffic and detect attacks that span multiple phases, including those with encrypted malware.
FireEye Threat Intelligence
All FireEye customer appliances can help detect existing, evolving and new ransomware techniques with the help of FireEye Dynamic Threat Intelligence (DTI), a deep, codified analysis of malware trends and ransomware campaigns updated every 60 minutes.
FireEye also offers iSIGHT Intelligence to provide actionable tactical, operational and strategic intelligence that helps organizations better manage their risk and response to ransomware and other current threats. This threat intelligence is derived from attackers’ development environments, from a strong understanding of attacker tools, tactics and procedures (TTPs) and from hundreds of incident response engagements. These continually updated, shared, context-rich sources of insight create an industry-leading intelligence network that helps security teams predict, detect and respond to ransomware attacks.
TESTIMONIAL
“FireEye is keeping us out of the news, and this is a really good thing!”
- Jeremy Taylor, Network Manager, AAFCU
Read the customer story
Air Academy Federal Credit Union stays ahead of the cyber security curve with FireEye.
HOW RANSOMWARE INFECTS VICTIMS VIA EMAIL
HOW RANSOMWARE INFECTS VICTIMS VIA THE WEB
Read the customer story
Lindsay Automotive Group stops email-borne threats in their fast-growing business.
Related resources
White Paper
Effective Ransomware Response Strategies
Video
Ransomware: Methods for Endpoint Protection
Video
Use Threat Intelligence to Mitigate Ransomware in Healthcare
Ransomware related blogs
June 10, 2020
#ThoughtfulTuesdays — Regular Content in a Time Without RegularityMay 7, 2020
Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware IncidentsApril 22, 2020
A Deeper Discussion About M-Trends 2020, Part TwoMarch 16, 2020
They Come in the Night: Ransomware Deployment TrendsFebruary 24, 2020
Ransomware Against the Machine: How Adversaries are Learning to Disrupt Industrial Production by Targeting IT and OT
Build a business case
- On Demand Webinar: The Rise of RansomwareExamine new ransomware trends and learn how to respond to these attacks and what you can do to improve your defenses.
- How Secure Do You Want to Be?Learn how a security program assessment can help identify gaps to improve your security posture and reduce risk.
- Closing the Security Expertise GapLearn how you can bring together technology, intelligence and expertise to help monitor threats, find attackers and respond before damage can be done.
- Handling Too Many Alerts vs. Managing RisksUnderstand the true costs of ineffective security and how to quantify the operational benefits for reducing alert volume.
- Calculate Your Cyber Security CostsUse the total cost of ownership calculator to compare your current security solution versus what you would spend with FireEye.