The proliferation of malware attacks directed at the endpoint through techniques such as social engineering forces users to take precautions to protect their own data and that of their company.
One of the main infection vectors is spam campaigns with attachments. The spam campaigns used to distribute ransomware usually consist of messages carrying a compressed attachment (.zip) that contains the malicious code the user must execute. These files can be a PE (usually a file with an .exe extension), a script (.js, .vbs, .wsf, etc.) or a Word document (compressed or not). Another strategy that works well for cyber-criminals is to include a link in the email that takes the victim to a web page from which the compressed file is downloaded. You can find detailed information in the Panda Media Center post: Tails from Ransomware: Spam campaigns
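As an added illustration of the attachment vector described above (example code written for this page, not Panda's own), the following inspects a .zip attachment, including nested archives, and lists entries whose extensions match the payload types the post names (PE, .js/.vbs/.wsf scripts, Word documents). The extension set and the sample archive are constructed assumptions.

```python
import io
import zipfile
from typing import List

# Payload types the post names as typical of ransomware spam: a PE, a script,
# or a Word document. The set is an assumption for this example; tune it to policy.
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".wsf", ".doc", ".docm"}
NESTED_ARCHIVE = {".zip"}
MAX_DEPTH = 3  # bound recursion so deeply nested or recursive archives cannot stall the filter


def _ext(name: str) -> str:
    """Final extension, lower-cased, so 'invoice.pdf.js' is treated as .js."""
    lowered = name.lower()
    dot = lowered.rfind(".")
    return lowered[dot:] if dot != -1 else ""


def risky_entries(zip_bytes: bytes, prefix: str = "", depth: int = 0) -> List[str]:
    """Return paths of archive entries that would execute code if the user opened them.
    Nested .zip files are expanded in memory because the post notes documents may arrive compressed."""
    if depth > MAX_DEPTH:
        return [prefix + "<nesting too deep>"]
    found: List[str] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            ext = _ext(info.filename)
            if ext in NESTED_ARCHIVE:
                found.extend(risky_entries(zf.read(info), path + "/", depth + 1))
            elif ext in RISKY_EXTENSIONS:
                found.append(path)
    return found


def build_sample_attachment() -> bytes:
    """Constructed sample attachment for demonstration; not a real campaign artefact."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.docm", b"placeholder, not a real document")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", b"harmless text")
        z.writestr("invoice.pdf.js", b"// placeholder, not a real script")
        z.writestr("docs.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for entry in risky_entries(build_sample_attachment()):
        print("quarantine candidate:", entry)
```

A mail gateway would quarantine or strip the attachment when the returned list is non-empty, which covers the double-extension and nested-archive cases the simple "is it a .zip" check misses.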
All Panda Adaptive Defense products include a layered detection model that protects the endpoint against all types of attacks.
The Panda Adaptive Defense layered detection model
Layer 1: Heuristic and signature detection
The first level of defense is composed of traditional, static technologies. The antivirus engine uses the information stored in the signature file, together with the information available in Collective Intelligence (the cloud), to analyze a document when it is received or the malicious JS file when it is downloaded from a compromised website. If the traditional technology does not identify either file as malicious, the next layer of protection comes into play.
Layer 2: Contextual Engine
In this layer, dynamic detection technologies are triggered when the element is executed. The detection method takes into account the execution context (contextual technologies) or the element's origin (hardening rules).
Layer 3: Service Classification of 100% of the processes
This layer of protection is the attestation service, which guarantees that every PE identified is classified by the Panda Security laboratory. This gives rise to models that allow an element to execute only if our laboratory has classified it as reliable, when the Advanced Protection configuration is set to LOCK mode.
Layer 4: Anti-exploit technology
Finally, anti-exploit technologies prevent the manipulation of legitimate processes in memory, thus preventing the exploitation of vulnerabilities that could compromise the computer.
For detailed information on how the technologies and managed services integrated in Panda Adaptive Defense 360 work together, read the Panda Adaptive Defense 360 technologies - Managed Detection, Managed Mitigation white paper.