What is the new type of ransomware?
External researchers at SafeBreach Labs have shared their research about a potential new type of ransomware that can leverage the Windows Encrypting File System (EFS) to encrypt files and carry out a ransomware attack. This type of attack has not yet been seen in the wild and takes advantage of a Windows system vulnerability. It is currently unknown whether Microsoft will release a patch to address it.
Are customers protected?
As this new attack is a form of ransomware, products that include CryptoGuard functionality are affected. Here are the details for each product:
Intercept X/Intercept X Advanced/Intercept X Advanced with EDR
Mitigation has been added.
Intercept X Advanced for Server/Intercept X Advanced for Server with EDR
Mitigation has been added to the Intercept X for Server EAP. Customers who are already enrolled in the EAP, or who join it, will receive this mitigation. The planned general availability release for all customers is 5 February 2020.
Endpoint Exploit Prevention
General availability of the mitigation is planned for the second half of February 2020. An email is being sent to Endpoint Exploit Prevention customers to inform them.
Is there a KBA I can share with customers?
Yes, KBA135056.