Endpoint Protection

Suggest, discuss, and vote on new ideas for Sophos Endpoint Protection. Comprehensive security for users and data

Suggest an Idea...

Detect Ransomware by Scanning Text/HTML for Common Phrases

Could you possibly add the ability to scan newly created text or html documents for common phrases found in the ransom notes of current ransomware strains? Seems to be a common sense approach to detecting this kind of infection and preventing it from spreading much beyond the original point of infection. Think of it as DLP in reverse, people really shouldn't have the need to type things like "What happened to your files" or "Your files have been encrypted using the latest..." so the only possible source would be malicious software. On a Windows server you could easily get the owner of the file and change the ACL on all network shares to either block that user or change the rights to read only.

2 votes
Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)

We’ll send you updates on this idea

Jeff B shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

1 comment

Sign in
(thinking…)
Sign in with: Facebook Google Sophos Features & Ideas Laboratory
Signed in as (Sign out)
Submitting...
  • Jeff B commented  ·   ·  Flag as inappropriate

    Found out today that your competition, NOD32, already detects this, better catch up.

Feedback and Knowledge Base

icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.