Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Logs to submit to Trend Micro Technical Support in case of ransomware infection

    • Updated:
    • 5 Oct 2018
    • Product/Version:
    • Deep Security 11.0
    • Deep Security 11.1
    • Deep Security 11.2
    • OfficeScan 11.0
    • OfficeScan XG.All
    • Worry-Free Business Security Services 6.0
    • Worry-Free Business Security Services 6.1
    • Worry-Free Business Security Services 6.2
    • Worry-Free Business Security Services 6.3
    • Worry-Free Business Security Services 6.5
    • Worry-Free Business Security Standard/Advanced 10.0
    • Worry-Free Business Security Standard/Advanced 8.0
    • Worry-Free Business Security Standard/Advanced 9.0
    • Worry-Free Business Security Standard/Advanced 9.5
    • Platform:
    • N/A N/A
Summary

Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware, encrypts files and forces the users to pay the ransom through certain online payment methods to get the decryption tool/key.

Details
Public

Submit the following information to Trend Micro Technical Support for analysis.

Product Logs

    • For OfficeScan, Worry-Free Business Security and Worry-Free Business Security Services:
      • Virus/Malware Logs
      • Behavior Monitoring Logs

      Refer to KB article on generating and exporting logs in OfficeScan.

      Refer to KB article on generating and exporting logs in Worry-Free Business Security.

    • For Deep Security
      • Anti-malware Events
      • Intrusion Prevention Events

      To export logs:

      1. Log on to the Deep Security Manager web console.
      2. Go to Events & Reports.
      3. Click Anti-Malware Events/Intrusion Prevention Events and specify the criteria.
      4. Click Export.

Ransomware Collector Logs

Refer to the KB article on Using the Trend Micro Anti-Threat Toolkit to analyze malware issues and clean infections, and read the section on collecting ransomware samples and system information on infected machine.

Other supporting files

    • Ransomnote – Decryption instructions (in a form of txt, jpg, png, html, hta, etc.) usually dropped on the desktop or folders where encrypted files are located.
    • Encrypted file
    • Screenshots
Premium
Internal
Rating:
Category:
Remove a Malware / Virus
Solution Id:
1121207
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.