Don't Be the Next Victim of Ransomware

Ransomware is an increasingly common method of attack for hackers against individuals, SMBs and enterprises alike. While the first incidents of ransomware were discovered as early as 2005, the last three years have seen this type of threat explode in popularity and compromise millions of computers and mobile devices around the world.

Ransomware Discoveries

Reported damages from ransomware attacks in 2015 totaled $325 million.


In a one-month study, over 68,000 computers were infected by ransomware. That’s over 5,700 per day and over 2 million per year.


From Q4 2014 to Q1 2015 ransomware samples increased 165%.

So what is it and how does it work?

Ransomware is a type of advanced malware attack that takes hold of a device, either locking the user out entirely or encrypting files so they cannot be used. This type of attack can gain access to your device in a variety of ways. Whether it is downloaded from a malicious or compromised website, delivered as an attachment in a phishing email or dropped by exploit kits onto vulnerable systems, once executed on the system, ransomware will either lock the computer or encrypt predetermined files. The attacker will then make themselves known with an “official” ransom demand, as well as thorough instructions and timelines on how to make a payment to either regain access to the device or to receive the decryption key for the captive files.


What about WannaCry?

Highly publicized in May 2017, WannaCry is a widely known ransomware attack that quickly locked companies like FedEx and the UK’s NHS, as well as numerous SMBs, out of their data. It was able to evade some legacy AV controls and used NSA-leaked information about a Windows vulnerability to spread quickly, like a worm. However, WannaCry ransomware is just the latest advanced threat to take unprotected organizations around the globe hostage. This attack makes clear that enterprise-grade, layered security is no longer a luxury, but a critical need for every organization, no matter its size.

While WatchGuard’s Gateway AntiVirus (GAV) does catch many variants, APT Blocker’s behavior detection will block all current and future repacked WannaCry strains – and our Intrusion Prevention Service (IPS) will catch the NSA-leaked MS17-010 vulnerability that it uses to spread. Additionally, Threat Detection and Response (TDR) provides the correlated information necessary to detect and remediate WannaCry and future advanced threats!


Now what do you do?

The traditional advice in defending against these types of attacks includes persistent reminders to educate users, perform regular software updates and back up all critical devices. All great best-practice rules to live by, but these tips only provide a minimal, first level of defense against an advanced attack. Experts also agree that a layered approach to security is key to an active defense against ransomware. WatchGuard Total Security Suite, available with all Firebox appliances, provides strong defenses against advanced malware and ransomware. Security controls included in the Total Security Suite, such as WebBlocker, APT Blocker and Host Ransomware Prevention, help to detect and prevent common methods of ransomware attacks.

How to Prevent Ransomware

Host Ransomware Prevention

The Host Ransomware Prevention (HRP) feature of Threat Detection and Response enables industry-leading prevention against ransomware attacks. HRP blocks the execution of ransomware before any file encryption on the endpoint takes place, mitigating the attack before any data is lost or damage is done.

APT Blocker

APT Blocker is a dynamic sandboxing solution providing detailed visibility and analysis into the execution of malware. If a file has never been seen before, it is detonated in a virtual environment to analyze its behavior and determine the threat level, protecting against advanced malware and zero-day threats.

About WatchGuard

WatchGuard has deployed nearly a million integrated, multi-function threat management appliances worldwide. Our signature red boxes are architected to be the industry's smartest, fastest, and meanest security devices with every scanning engine running at full throttle.