Effective ransomware solutions to protect your critical data

Ransomware is a common method of cyber extortion for financial gain. It’s a type of attack that instantly prevents users from interacting with their files, applications or systems until the victim pays the ransom and the attacker restores access with a decryption key.

Advanced detection and prevention supported by actionable threat intelligence is the best defense against ransomware and other advanced attacks. The FireEye solution defends against the growing and ever-changing ransomware threat. It provides real-time, inline ransomware protection for multiple attack vectors to prevent or interfere with the activation of ransomware and protect you from financial loss and business disruption.



How does the FireEye ransomware solution work?

Every component of the FireEye solution is a step toward stronger cyber security. Combining the following components contributes to the strongest possible defense against ransomware.

FireEye Email Security

Offline and cloud-based analysis are often too slow to stop ransomware from encrypting your systems and data. FireEye Email Security deployed inline, either on premises (EX) or cloud-based (ETP), operates as a mail transfer agent (MTA) and quarantines, analyzes and blocks ransomware emails before they reach the recipient.

Enhanced email security with a store-and-forward architecture and near-real-time speed effectively stops many attacks before they occur with minimal business lag.

FireEye Endpoint Security

Endpoints and their users are the starting point for ransomware attacks. An attack often uses hard-to-detect discreet processes that exploit a vulnerability in a common application. FireEye Endpoint Security detects and analyzes these processes to determine if an exploit is taking place, giving analysts the information needed to stop an incident. And it provides needed visibility into endpoints so analysts can conduct detailed investigations to curtail damage and adapt the defense against further attack.

FireEye Network Security

Ransomware intrusion involves three main stages: initial infection, file encryption and command-and-control (CnC) server access. FireEye Network Security identifies the attack process and detects and blocks communication with the servers that deliver encrypted malicious code to the victim and that are used for callback.

Where sandbox solutions consistently fail, FireEye Network Security succeeds because the Multi-Vector Virtual Execution™ (MVX) engine at its heart can readily analyze traffic and detect attacks that span multiple phases, including those with encrypted malware.

FireEye Threat Intelligence

All FireEye customer appliances can help detect existing, evolving and new ransomware techniques with the help of FireEye Dynamic Threat Intelligence (DTI), a deep, codified analysis of malware trends and ransomware campaigns updated every 60 minutes.

FireEye also offers iSIGHT Intelligence to provide actionable tactical, operational and strategic intelligence that helps organizations better manage their risk and response to ransomware and other current threats. This threat intelligence is derived from attackers’ development environments, from a strong understanding of attacker tools, tactics and procedures (TTPs) and from hundreds of incident response engagements. These continually updated, shared, context-rich sources of insight create an industry-leading intelligence network that helps security teams predict, detect and respond to ransomware attacks.


“FireEye is keeping us out of the news, and this is a really good thing!”

- Jeremy Taylor, Network Manager, AAFCU

Air Academy Federal Credit Union

Air Academy Federal Credit Union stays ahead of the cyber security curve with FireEye.

The growing ransomware threat

Ransomware activities targeting large and small organizations have been rising steadily since mid-2015. Small and midsize enterprises – with their limited budgets and expertise – that rely on or work heavily with data are prime targets for attackers.

How does ransomware work?

Most reported ransomware infections are introduced via email attachments or embedded links. Attackers often target key personnel and high-value computers with social engineering tactics and spear phishing to maximize their gains.

Web-based ransomware attacks tend to use “drive-by-download” exploit kits that take advantage of browser, application and system vulnerabilities in a multi-stage process:

Stage 1: Infect a legitimate website or hack an advertising network to insert code.

Stage 2: Profile the user's system and redirect the user to another web page with an exploit kit that detects vulnerable software such as older versions of Java or Flash on their computer.

Stage 3: Deliver an encrypted, obfuscated or encoded malicious payload to the user’s system. Ransomware takes effect once the payload is decrypted.

Stage 4: Establish a connection to a callback server so the attacker can set up the unique keys to encrypt the victim’s data.

Why are you vulnerable?

Sophisticated attackers test conventional defenses (antivirus software, next-generation firewalls, secure email and web gateways, intrusion prevention systems) and adjust their tactics to defeat them. The static analysis and signatures used by these defenses cannot:

  • Update fast enough to keep pace with evolving attacks
  • Optimize and automate operations to detect unknown, never-before-seen threats in real time
  • Detect custom and encrypted communication between an external command-and-control server (CnC) and infected host
  • Protect against multistage web- or email-based ransomware attacks that traditional sandboxes miss








Lindsay Automotive Group stops email-borne threats in their fast-growing business.


“I never anticipated that we could protect our environment with exactly the same security solutions used by government agencies and Fortune 50 companies: I can now sleep at night!”

- Paul Moline, Chief Information Officer, Lindsay Automotive Group
