On May 12 of 2017, the WannaCry ransomware struck across the globe, encrypting computers by exploiting a critical vulnerability in Windows, first discovered by the US National Security Agency. Among its first targets were the British National Health Service, Federal Express, and Telefonica, but soon banks, schools, hospitals, government agencies and other organizations were infected, involving some 230,000 computers in 150 countries, as reported in Wikipedia’s WannaCry Ransomware Attack.

The unexpected widespread damage and economic costs of WannaCry had everyone from IT managers to everyday users anxiously asking: just how do you protect yourself, at work or at home, from attacks by unknown ransomware? Apart from keeping your computer updated with the latest security patches (which would have helped in this case), is there a single surefire security technology that can stop it in its tracks, before it infects you and holds you hostage? And more specifically (for the purposes of this article), how does Trend Micro Security (TMS), our flagship product for PCs, protect you from such threats?

Layered Protection in Trend Micro Security

Trend Micro provides plenty of advice online to help you protect yourself from ransomware. You can get a leg up on good defense by re-reading Christopher Budd’s Ransomware: What it is, why you should care, what you can do to protect against it, published last year on Simply Security. And you can go to our ransomware page Don’t let criminals hold your computer hostage for more facts and tools to address the challenges. But you need to know right away that there’s actually no single, surefire type of security technology that, by itself, can protect you from ransomware and other malware threats. The best endpoint protection is always delivered in layers, using multiple protective techniques.

Trend Micro Security is an outstanding example of this—and two of its newest protective techniques include XGen (cross-generational) machine learning and trusted application protection, delivered across several protective layers. Machine learning stops never-before-seen threats that can evade signature-based protection, allowing TMS to stay one step ahead of the bad guys. Trusted application protection in TMS’ Folder Shield stops changes in protected folders and files by unauthorized applications—those not in the trusted application list. Both enhance TMS’ ability to stop unknown malware and ransomware.

But what do we mean by layered protection? If you picture a king or queen in a castle (you and your computer!) protected by a moat, walls, and soldiers, you have a simple Game of Thrones-type image for how it all works. (The graphic we use here looks more like a target, but perhaps that’s fitting.)

Figure 1. Evolutionary Layered Protection, XGen™, and Folder Shield in Trend Micro Security

First, we use each layer of protection to help determine if a potential invader is good, bad, suspicious, or unknown. If it’s bad, and for any reason we can’t stop it at one layer, we apply the protections in the next layer.

The Exposure Layer : You can be exposed to ransomware and malware when you merely access the internet, browse the web, click a web ad, or open an email—what we call the critical channels or context. Right at the outset, Trend Micro Security prevents you from being exposed to harmful threats before they can even reach your PC. Using our Smart Protection Network (SPN), we analyze and prevent you from accessing malicious domains and websites in browsers, emails, and social networks. We stop intrusions and calls to botnets. And we make sure your browser and applications aren’t compromised by exploits of vulnerabilities, by analyzing scripts that can lead to malware infections.

: You can be exposed to ransomware and malware when you merely access the internet, browse the web, click a web ad, or open an email—what we call the critical channels or context. Right at the outset, Trend Micro Security prevents you from being exposed to harmful threats before they can even reach your PC. Using our Smart Protection Network (SPN), we analyze and prevent you from accessing malicious domains and websites in browsers, emails, and social networks. We stop intrusions and calls to botnets. And we make sure your browser and applications aren’t compromised by exploits of vulnerabilities, by analyzing scripts that can lead to malware infections. The Infection Layer : We refer to the next layer as the “infection layer” because these are threats that may have evaded the first layer and are now in the process of being downloaded or copied to your device. At this layer, we scan the file as it tries to download, stopping it if our scanning engine determines it to be malicious; and we also scan the files that land or are stored on your PC. In our latest release of Trend Micro Security, we add context–aware machine learning, a type of artificial intelligence, to determine the likelihood of a file or app being bad. The magic here is how we do it—correlating the discoveries machine learning reveals to make the unknown known. Suffice to say, the result helps TMS stop heretofore unknown and more sophisticated threats with great accuracy and fewer false alarms than ever before.

: We refer to the next layer as the “infection layer” because these are threats that may have evaded the first layer and are now in the process of being downloaded or copied to your device. At this layer, we scan the file as it tries to download, stopping it if our scanning engine determines it to be malicious; and we also scan the files that land or are stored on your PC. In our latest release of Trend Micro Security, we add context–aware machine learning, a type of artificial intelligence, to determine the likelihood of a file or app being bad. The magic here is how we do it—correlating the discoveries machine learning reveals to make the unknown known. Suffice to say, the result helps TMS stop heretofore unknown and more sophisticated threats with great accuracy and fewer false alarms than ever before. The Behavior Layer: The third layer monitors the behavior of the file as executes on your system, including files executing from USB sticks. If the file shows suspicious behavior, changing files or settings in ways or in places it shouldn’t, the process is blocked. Our machine learning magic factors in here too, as we correlate low-prevalence files with types of suspicious behavior, to help discover and stop any heretofore unknown threats. Folder Shield also protects at this layer, stopping the access of files in protected folders, whether on your computer or in a cloud-synced folder on Drobox, Google Drive, or Microsoft OneDrive, by any applications not in the Trusted Application List. If ransomware tries to encrypt files in a protected folder, TMS immediately backs up any encrypted files, stops the encryption process, deletes the ransomware, then uses the backup files to help restore your system to the way it was.

TMS, Machine Learning, and Folder Shield

In the end, though there’s no single type of protection against unknown malware and ransomware, Trend Micro Security’s layered approach provides the right industry-leading protection to keep you safe. XGen™ machine learning adds powerful protection for unknown malware and ransomware. And Folder Shield keeps your most important files being held hostage by cybercriminals. Mac users should know that Trend Micro Security’s Antivirus for Mac also uses a layered approach to protection, applying XGen™ machine learning, along with Folder Shield, to stop malware in its tracks. Unknown ransomware doesn’t stand a chance!

Find out more about Trend Micro Security, or purchase a subscription.

Watch the Trend Micro Security Video Series.

Watch the XGen™ Threat Protection Video Series.

Watch Trend Micro Security’s Folder Shield Video Series.