MAILTO Ransomware technical details

MAILTO Ransomware Information

- Updated:
- 6 Feb 2020
- Product/Version:
- OfficeScan XG, Apex One, Deep Security 10.X, Deep Security 11.X, Deep Security 12.X, WFBS 10.X
- Platform:
- Windows 7, Windows 8, Windows 8.1, Windows 10

Solution Coverage

File-based Signature

Detection Name	Pattern Version
Ransom.Win32.MAILTO.AB	15.655.00
Ransom.Win32.MAILTO.AB.note	15.651.00

Predictive Machine Learning

Detection Name	Pattern Version
TROJ.Win32.TRX.XXPE50F13009	In-the-Cloud

Behavior Monitoring

Detection Name	Pattern Version
Malware Behavior Blocking	1.979.00

Intrusion Prevention Rules in Deep Security

Rules
1007598 - Identified Possible Ransomware File Rename Activity Over Network Share
1007912 - Identified Possible Ransomware File Rename Activity Over Network Share – Client
1007596 - Identified Possible Ransomware File Extension Rename Activity Over Network Share
1007913 - Identified Possible Ransomware File Extension Rename Activity Over Network Share – Client

Sandbox

Detection Name	Pattern Version
VAN_RANSOMWARE.UMXX	n/a

What should customers do?

Implement the best practice configuration against ransomware for your Trend Micro products. Refer to following KB articles:
EXPAND ALL
Endpoint Protection Layer
Worry-Free Business Security
Best practices in preventing Ransomware infection using OfficeScan (OSCE) and Worry-Free Business Security/Services (WFBS/WFBS-SVC)
Best Practices in enhancing protection against malware threats in Worry-Free Business Security/Services (WFBS/WFBS-SVC)

ApexOne: Best Practice Guide for malware protection for Trend Micro Apex One™ as a Service and Trend Micro Apex One
OfficeScan
Enabling the Ransomware Protection feature in OfficeScan (OSCE)
Best practices in preventing Ransomware infection using OfficeScan (OSCE) and Worry-Free Business Security/Services (WFBS/WFBS-SVC)
Best practices in configuring OfficeScan (OSCE) for malware protection

Trend Micro Endpoint Application Control: Best Practice Configuration against Ransomware and other Malware Threats with Endpoint Application Control (TMEAC) 2.0 Patch 1
Hybrid Cloud Security
Deep Security
Ransomware Detection and Prevention in Deep Security
Deep Security Best Practice Guide
Email and Gateway Protection Layers
SMID: How to enable ransomware category in ScanMail for IBM Domino (SMID) 5.6 for Windows
SMEX: Ransomware protection using ScanMail for Exchange (SMEX)
TMCAS: Enabling the Ransomware Protection feature on Trend Micro Cloud App Security (TMCAS)
IMSVA: Enabling the Ransomware Protection feature in InterScan Messaging Security (IMSS/IMSVA)
HES: Ransomware protection using Hosted Email Security (HES)
IWSVA: Configuring URL Filtering policy to block Ransomware on InterScan Web Security Virtual Appliance (IWSVA) 6.5 Service Pack 2
Network Defense
DDI: Preventing Ransomware on Deep Discovery Inspector (DDI)
DDEI: Ransomware Protection feature in Deep Discovery Email Inspector (DDEI)
Central Management Console
TMCM: Checking the information displayed in the Ransomware Prevention sub-page of the TMCM dashboard
For other recommendations, please refer to Ransomware: Solutions, Best Practice Configuration and Prevention using Trend Micro products.
Secure the usage of Sysadmin tools: Best Practices: Securing Sysadmin Tools.
Contact Trend Micro Technical Support for further assistance.

Need More Help?

MAILTO Ransomware Information

Endpoint Protection Layer

Hybrid Cloud Security

Email and Gateway Protection Layers

Network Defense

Central Management Console