Important: New research on potential ransomware attack method

ProductsIntercept XIntercept X for ServerThreats & Malware

Researchers have discovered a potential new type of ransomware, we are releasing product updates to ensure customers are protected. Read this article for information you can use with your customers.

What is the new type of ransomware?
External researchers at Safebreach Labs have shared their research about a potential new type of ransomware that can leverage the Windows Encrypting File System (EFS) to encrypt files and carry out a ransomware attack. This type of attack has not yet been seen in the wild and takes advantage of a Windows system vulnerability. It is currently unknown if Microsoft will release a patch to address it.

Are customers protected?
As this new attack is a form of ransomware, products that include CryptoGuard functionality are affected. Here are the details for each product:

Intercept X/Intercept X Advanced/Intercept X Advanced with EDR
Mitigation has been added.

Intercept X Advanced for Server/Intercept X Advanced for Server with EDR
Mitigation has been added to the Intercept X for Server EAP. Customers already enrolled in or who join the EAP will receive this mitigation. Planned general availability release for all customers is 5 February 2020.

Endpoint Exploit Prevention
Planned general availability of the mitigation is the second half of February 2020. An email is being sent to Endpoint Exploit Prevention customers to inform them.

Is there a KBA I can share with customers?
Yes, KBA135056.