

Solution Overview

The Threat

Ransomware is the fastest-growing cyberthreat today. Where national governments and large enterprises were once the primary targets, local governments and smaller organizations have now become targets, with average ransoms reaching over US$40K.


The Only Total Solution to Stop Ransomware




Ransomware is malware designed to make your data unavailable until a ransom is paid to unlock it. It follows a specific sequence of events, called a “Kill Chain,” to infect, encrypt, and spread. However, security point products alone cannot effectively impact the Kill Chain. The gaps between the point products' spheres of influence make it easy for ransomware to breach and infect successfully. Organizations think they are protected with network firewalls, email gateways, and anti-virus/anti-malware solutions, but WannaCry proved them wrong by infecting 200,000 systems across 150 countries in only 4 days. A more holistic solution is needed to completely break the cycle. The Sangfor Security Solution for Ransomware provides an innovative strategy that successfully mitigates ransomware attacks by breaking every step in the kill chain.


Stage 1: Detect & Block Infection

Sangfor Engine Zero is a new approach to malware identification and blocking. It uses a multi-stage AI analysis engine with a 99.65% detection rate. Engine Zero is built into Sangfor NGAF with Endpoint Security to identify malicious files at both the network level and endpoints. Anything that the on-premise capabilities cannot analyze is automatically sent to the cloud-based Neural-X sandbox.



Stage 2: Detect & Block C&C Communications 

Next generation anti-virus (NGAV) and anti-malware cannot identify direct malware command & control (C&C) communications. Firewalls can track communications to potential C&C servers, but they cannot verify if the communications are valid or malicious. Sangfor NGAF with Endpoint Secure can not only validate malicious C&C communications but can query the endpoints to conduct a self-scan to search for infections. If an infection is found, NGAF will terminate all communications outbound to C&C servers.




Stage 3: Detect & Block Exploitation

Endpoint Secure installs advanced ransomware honeypot technology to quickly identify and kill file encryption processes before major damage is done. The ransomware honeypot installs bait files in the directories most likely to be encrypted first. Once a bait file is touched by an encryption process, Endpoint Secure can immediately kill the encryption process and identify the (normally hidden) controlling file. A hash signature is created for the controlling file and is sent to NGAF to query all other endpoints for the malware file. If found, the administrator can delete all instances of the file across the network with a single click.
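The bait-file idea described above can be illustrated with a short sketch. This is an added example, not Sangfor's code or how Endpoint Secure is implemented: it plants bait files, records their SHA-256 hashes, and reports bait that has gone missing or been overwritten with high-entropy (ciphertext-like) data. The file names, the entropy threshold, and the polling approach are assumptions, and killing the offending process or distributing its hash is not modeled.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Constructed bait names; that names sorting early get touched first is an assumption.
BAIT_NAMES = ["!0_accounts_2023.csv", "~zz_payroll_backup.txt"]
BAIT_BODY = ("id,name,balance\n" + "1001,example,250.00\n" * 200).encode()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; plain text sits well below 7, ciphertext approaches 8."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def plant_bait(directory: Path) -> dict:
    """Write bait files and return {path: sha256} as the trusted baseline."""
    baseline = {}
    for name in BAIT_NAMES:
        path = directory / name
        path.write_bytes(BAIT_BODY)
        baseline[path] = hashlib.sha256(BAIT_BODY).hexdigest()
    return baseline


def check_bait(baseline: dict, entropy_threshold: float = 7.0) -> list:
    """Return (file name, reason) alerts for bait that was removed or altered."""
    alerts = []
    for path, digest in baseline.items():
        if not path.exists():
            alerts.append((path.name, "missing"))  # deleted or renamed
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            high = shannon_entropy(data) >= entropy_threshold
            alerts.append((path.name, "encrypted-like" if high else "modified"))
    return alerts


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        baseline = plant_bait(Path(tmp))
        print("clean:", check_bait(baseline))
        # Constructed tampering: random bytes stand in for ciphertext.
        (Path(tmp) / BAIT_NAMES[0]).write_bytes(os.urandom(4096))
        (Path(tmp) / BAIT_NAMES[1]).unlink()
        print("after tamper:", check_bait(baseline))
```

A production agent would react to file-system events rather than poll, since the value of a bait file lies in how quickly the first touch is noticed.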




Stage 4: Detect & Block Propagation 

Malware will spread to other vulnerable systems quickly, sometimes within only a few minutes. NGAF with Endpoint Secure can quickly isolate infected systems from the network to prevent spread. In some cases, the infected system may need to be operational for business requirements and cannot be isolated. Sangfor’s NGAF can identify unusual or unauthorized connections passing between endpoints across network segments. Those connections can be terminated to prevent the spread of malware across the network segments. And Sangfor NGAF is the only firewall that can graphically display allowed, suspicious, and malicious connections in real time.



Solution Advantage

Sangfor’s Security Solution for Ransomware is the only complete, holistic security solution to prevent and mitigate ransomware attacks in real-time. No other solution can impact every step in the ransomware kill chain and no other solution is modular enough to be tailored to the requirements and budget of the organization.



Sangfor Anti-Ransomware Solution: 

  • Only solution that is proven to block every step in the ransomware kill chain 
  • Only solution with direct integration between firewall and endpoint agents, without using TI or a management console as a go-between 
  • Firewall can block C2 communications and lateral propagation based on direct endpoint input 
  • NGAF is able to verify that endpoint is infected based on C2 communications 
  • Only solution with a ransomware honeypot that effectively stops the encryption process and identifies the controlling application network wide 
