Malware and ransomware

Block email attacks that deliver or link to files that execute malicious code to compromise your organization.

Problem

Legitimate links to malicious files and encrypted file formats evade detection

Malware and ransomware attacks increasingly bypass traditional defenses by linking to malicious files hosted on legitimate platforms or by sending files in encrypted formats.

Instead of attaching harmful files directly, attackers use trusted platforms such as SharePoint, Google Drive, or Dropbox to host malicious content and trick users into downloading infected files. Encrypted file formats further hide these threats, making them more difficult to detect.

Once accessed, these files exploit system vulnerabilities, either immediately compromising systems or lying dormant. Ransomware often follows, encrypting files and demanding payment.

Solution

How xorlab detects and blocks malware and ransomware

xorlab detects and blocks malware and ransomware emails without relying on known malicious file signatures or traditional security indicators.

The xorlab Security Platform:

  1. Learns communication patterns between senders and recipients, considering file formats, extensions, and content to identify unusual activity.

  2. Analyzes document files in a dynamic sandbox, catching malware that bypasses standard static filters.

  3. Prompts users for passwords to encrypted files, enabling thorough analysis for potential threats.
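
The pattern-learning step above, as an added illustration that is not xorlab's code: a constructed baseline of the attachment types each sender/recipient pair has exchanged, scored against new messages for file types the pair has never used, password-protected attachments, and links to files on hosting services. All addresses, filenames and URLs below are made up.

```python
import re
from collections import defaultdict

# Constructed sample history, not real mail traffic: (sender, recipient, attachments, links)
HISTORY = [
    ("alice@supplier.example", "bob@corp.example", ["invoice-0311.pdf"], []),
    ("alice@supplier.example", "bob@corp.example", ["invoice-0412.pdf"], []),
    ("alice@supplier.example", "bob@corp.example", ["invoice-0513.pdf"], []),
    ("carol@corp.example", "bob@corp.example", ["q1-plan.docx"], []),
]

# File-hosting domains named on this page; a link there is not malicious by itself,
# it is one signal to combine with the sender/recipient baseline
FILE_HOSTING = {"sharepoint.com", "drive.google.com", "dropbox.com"}

def ext_of(name):
    """Lower-cased extension of a filename, or '' if it has none."""
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def build_baseline(history):
    """Map each (sender, recipient) pair to the set of extensions seen before."""
    baseline = defaultdict(set)
    for sender, rcpt, files, _links in history:
        baseline[(sender, rcpt)].update(ext_of(f) for f in files)
    return baseline

def score_message(baseline, sender, rcpt, files, links, encrypted=False):
    """Return (score, reasons); a higher score means the message is more unusual for this pair."""
    seen = baseline.get((sender, rcpt))
    reasons = []
    if seen is None:
        reasons.append("no prior traffic between sender and recipient")
    for f in files:
        if seen is not None and ext_of(f) not in seen:
            reasons.append(f"new file type for this pair: .{ext_of(f)}")
    if encrypted:
        reasons.append("password-protected attachment: ask the user for the password, then sandbox")
    for url in links:
        host = re.sub(r"^https?://", "", url).split("/")[0].lower()
        if any(host == d or host.endswith("." + d) for d in FILE_HOSTING):
            reasons.append(f"link to a file on a hosting service: {host}")
    return len(reasons), reasons

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    print(score_message(baseline, "alice@supplier.example", "bob@corp.example",
                        ["invoice.zip"], [], encrypted=True))
```

A real deployment would weight the reasons and route high scores to sandbox analysis rather than treating the count as a verdict.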

Malware and ransomware techniques and characteristics

Document-based malware

Attackers embed VBA scripts or macros in documents to execute malicious code when opened.

File-based exploits

Emails link to files designed to exploit software vulnerabilities in the victim’s system.

File-droppers

A downloaded file that appears benign then downloads and executes additional malicious code.

Encryption and obfuscation

Files are encrypted or disguised in archives to make them harder to detect.

External file links

Linked files are hosted on cloud services or compromised sites to appear legitimate.

Within the MITRE ATT&CK® Matrix, malware and ransomware map to multiple techniques (Phishing (sub-techniques: Spearphishing Attachment, Spearphishing Link, Spearphishing via Service), User Execution (sub-technique: Malicious File), Command and Scripting Interpreter, etc.) and tactics (Initial Access, Execution, Lateral Movement, Collection, Command and Control, Exfiltration and Impact).

Detect and block advanced malware and ransomware

Discover how xorlab's behavioral AI protects your organization from advanced malware and ransomware attacks before they compromise your systems.