DDI uses known and unknown patterns and reputation analysis to detect the latest ransomware attacks. The customized sandbox detects mass file modifications, encryption behavior, and modifications to backup and restore processes.

DDI supports the "Threats at a Glance" widget, which shows ransomware detections with direct links to their detailed information.

Module state

The following configurations on DDI will help increase the Ransomware detection rate:

Enabling Virtual Analyzer

  • Virtual Analyzer uses system images to observe sample behavior and characteristics within an isolated and controllable virtual environment, then assigns a risk level to the sample. Therefore, enabling the Virtual Analyzer feature not only helps an organization identify and combat potential threats at an early stage, but also gives us a deeper understanding and knowledge of potential threats.
  • For the detailed steps to enable Virtual Analyzer, refer to the Virtual Analyzer section in Chapter 6: Administration in the Administrator’s Guide.

Configuring File Submission Rules

  • DDI contains a default file submission rule set after installation. It also allows users to create their own file submission rules to ensure that suspicious files are analyzed. If necessary, update it accordingly.
  • For details, refer to the File Submission Rule section in Chapter 6: Administration > Virtual Analyzer in the Administrator’s Guide.

Trend Vision One Integration

  • Trend Vision One gives you the ability to correlate advanced threat events and prioritize your response. Just press play and visualize the attack life cycle at the network layer, including managed and unmanaged devices. It can also share Suspicious Objects with other Trend Micro products.
  • For the detailed steps to integrate with Trend Vision One, refer to the Trend Vision One section in Chapter 6: Administration > Integrated products/services in the Administrator’s Guide.