Trellix has added detection for WannaCry ransomware infections (the outbreak of May 12, 2017) in the new version of Trellix Ransomware Interceptor (MRI v0.5.0.338).
Ransomware has evolved into a tremendous threat in recent years. Such malware installs on your system and encrypts or damages data in a way that is in many cases irrecoverable unless you have a decryption key. Consumers may have to pay the malware authors hefty amounts of money (varying from a few 100 to a 1000 USD) to obtain the recovery key. Failure to do so typically results in permanent loss of data.
Interceptor comes with 2 installers:
Use the appropriate installer for your target OS.
Review KB 87658 if HIPS 8.0 Patch 5, 6, or 7 is installed in your environment. It is advised not to install this product until you have read and understood this Knowledge Center article.
Once the install process is complete, a reboot is recommended. MRI will be visible via a taskbar icon. The Interceptor process is named “McAfeeRansomwareInterceptorWin32.exe”. The installer also includes a built-in uninstaller. The same installer, when run again after installation, gives the user the option to uninstall the software. Additionally, users can remove this tool through the Windows uninstallation menu.
Menu items appear when the user right-clicks the taskbar icon.
Detections are made visible via a balloon pop-up and a detection window as shown below:
Additionally, detections are logged in “MRIProtectionLog.txt”. This file can be viewed at any time via the Taskbar menu, “View Detection Log”.
On detection, we only terminate the offending process; we do not delete it. This gives customers more control of their environment.
Interceptor is recommended for any Windows operating system, Windows 7 and later.
Assume your files are encrypted by Stampado ransomware. Below we see the affected system’s screen after the infection, with email ID
McAfee regularly publishes documentation on various ransomware families, providing detailed Threat Advisories that contain behavioral information, Indicators of Compromise (IOC), mitigation techniques, etc. End users can leverage this information to identify and remediate different ransomware infections. The following are some useful links for end users:
Download Interceptor for 32-bit systems
Download Interceptor for 64-bit systems
Businesses have too much to lose if they don't prioritize security at every entry level. With more data to protect and cyberthreats evolving, everyone must play a part in creating a culture of security. Let our Free Tools help implement a 'security-first' mindset across your entire company.