Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system's screen or by locking the users' files unless a ransom is paid. More modern ransomware families, collectively categorized as crypto-ransomware, encrypts files and forces the users to pay the ransom through certain online payment methods to get the decryption tool/key.
Submit the following information to Trend Micro Technical Support for analysis.
- For OfficeScan, Worry-Free Business Security and Worry-Free Business Security Services:
- Virus/Malware Logs
- Behavior Monitoring Logs
Refer to KB article on generating and exporting logs in OfficeScan.
Refer to KB article on generating and exporting logs in Worry-Free Business Security.
- For Deep Security
- Anti-malware Events
- Intrusion Prevention Events
To export logs:
- Log on to the Deep Security Manager web console.
- Go to Events & Reports.
- Click Anti-Malware Events/Intrusion Prevention Events and specify the criteria.
- Click Export.
Ransomware Collector Logs
Refer to the KB article on Using the Trend Micro Anti-Threat Toolkit to analyze malware issues and clean infections, and read the section on collecting ransomware samples and system information on infected machine.
Other supporting files
- Ransomnote – Decryption instructions (in a form of txt, jpg, png, html, hta, etc.) usually dropped on the desktop or folders where encrypted files are located.
- Encrypted file