# Preventing Malware and Ransomware with Traps

By [Danny Milrad](https://www.paloaltonetworks.com/blog/author/danny-milrad/?lang=zh-hans&ts=markdown "Posts by Danny Milrad") and [Eila Shargh](https://www.paloaltonetworks.com/blog/author/eila-shargh/?lang=zh-hans&ts=markdown "Posts by Eila Shargh"), Feb 27, 2019. 1 minute read. Tags: [malware](https://www.paloaltonetworks.com/blog/tag/malware-zh-hans/?lang=zh-hans&ts=markdown), [ransomware](https://www.paloaltonetworks.com/blog/tag/ransomware-zh-hans/?lang=zh-hans&ts=markdown)

This post is also available in: [English](https://www2.paloaltonetworks.com/blog/2019/01/preventing-malware-ransomware-traps/) | [繁體中文](https://www2.paloaltonetworks.com/blog/2019/02/preventing-malware-ransomware-tw/?lang=zh-hant) | [日本語](https://www2.paloaltonetworks.com/blog/2019/02/preventing-malware-ransomware-jp/?lang=ja) | [한국어](https://www2.paloaltonetworks.com/blog/2019/02/preventing-malware-ransomware-traps-kr/?lang=ko)

Ransomware is no longer new, but the attacks launched by WannaCry, Petya/NotPetya and, most recently, TrickBot have shown that existing defenses cannot keep up with advanced ransomware attacks. Attackers have refined both their techniques and their use of malware, making attacks more complex, more automated, more targeted and easier to hide.

Although nearly two years have passed since WannaCry first struck, it is still active, and vulnerabilities tied to this dangerous malware keep appearing in the news. [WannaCry](https://www.paloaltonetworks.com/blog/2017/05/unit42-threat-brief-wanacrypt0r-know/) remains effective because it combines malware with an exploit. First, it exploits a vulnerability in Microsoft's SMB protocol to gain kernel-level privileges. It then uses a [kernel APC](https://www.paloaltonetworks.com/blog/2017/10/threat-brief-understanding-kernel-apc-attacks/) (asynchronous procedure call) technique, which keeps the attack stealthy. Attacks against the kernel are well understood and can be defended against, but a kernel APC attack is a different kind of technique: it does not need to attack the kernel to obtain privileges. A kernel APC attack *already has* kernel privileges and uses them to make a legitimate program execute malicious code instead of its own legitimate code.

From the end user's perspective, all they see is the ransom screen; the other activity the malware carries out on the endpoint stays invisible. Meanwhile, the malware keeps spreading east-west, infecting every vulnerable machine it can reach, inside the network and out.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2018/12/Traps2-500x281.png)

Simplified WannaCry attack sequence

Now to Palo Alto Networks Traps. Traps Advanced Endpoint Protection combines several methods for preventing known and unknown malware, ransomware and exploits, and stops malicious programs from executing before the endpoint is compromised. By enforcing protection at the critical stages of the attack lifecycle, Traps prevents ransomware attacks regardless of which operating system the endpoint runs, whether it is online or offline, and whether it is connected to the corporate network.

Before the WannaCry outbreak, endpoints protected by Traps could already detect and block the relevant stages of the attack lifecycle. First, Traps detects the exploitation technique at the point where kernel-privileged code tries to move execution into a user-level process; once it sees that behavior, it blocks the attack. If that fails, the malicious process protection module detects and blocks the parent process that is spawning child processes. If none of the earlier modules catches the threat, the agent recognizes the attack as a known threat and blocks it through local analysis, the ransomware protection module or detailed WildFire analysis.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2018/12/Traps1-500x281.png)

During and after the WannaCry attack, no Palo Alto Networks customer reported a WannaCry infection, because the threat had been submitted to the WildFire malware prevention service a month before the attack on the UK's National Health Service on May 12, 2017. Looking at AutoFocus, we found that WannaCry was first seen on April 16, 2017, and protections were created and delivered to all Palo Alto Networks firewalls, endpoints and other enforcement points at that time.

In short, an attacker has to succeed at every stage of the attack lifecycle for the attack to work, so Traps Advanced Endpoint Protection needs to disrupt only one of those stages to stop it.
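The child-process protection layer described above, as an added example (not Traps code and not from the original post): a policy-driven check over process-creation events that blocks a parent starting a child outside its allowlist, terminates the hijacked parent, refuses every later descendant of a terminated process, and additionally blocks command lines that strip recovery options before encryption. The process names, the allowlist, the command-line patterns and the event stream are constructed assumptions for illustration, not a vendor rule set.

```python
"""Child-process restriction over process-creation events.

Added example (not Traps code): models the child-process protection layer
described in the post. A parent that starts a child outside its allowlist is
treated as hijacked: the child is blocked, the parent is terminated, and every
later descendant of a terminated process is blocked too. Process names, the
policy and the event stream are constructed for illustration.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str     # executable file name, lower-case
    cmdline: str


@dataclass(frozen=True)
class Verdict:
    pid: int
    action: str    # "allow" | "block"
    reason: str


# Allowed child images per parent image (assumption: tune per environment).
# A parent listed here that launches anything else is considered hijacked.
# Parents not listed are not constrained by this rule.
CHILD_POLICY = {
    "lsass.exe": frozenset(),                    # should never create processes
    "winword.exe": frozenset({"splwow64.exe"}),  # print helper only, never a shell
}

# Command lines commonly seen when ransomware prepares to encrypt (removing
# recovery options). Illustrative patterns, not an exhaustive rule set.
RANSOMWARE_PREP = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
    re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I),
]


def evaluate(events):
    """Return {pid: Verdict}; events must be in creation order."""
    by_pid = {}
    verdicts = {}
    blocked = set()
    for ev in events:
        by_pid[ev.pid] = ev
        parent = by_pid.get(ev.ppid)

        # Descendants of a terminated process never get to run.
        if ev.ppid in blocked:
            verdicts[ev.pid] = Verdict(
                ev.pid, "block", f"parent pid {ev.ppid} already terminated")
            blocked.add(ev.pid)
            continue

        # Child-process restriction: a listed parent may only start
        # allowlisted images; anything else means the parent is hijacked.
        if (parent is not None and parent.image in CHILD_POLICY
                and ev.image not in CHILD_POLICY[parent.image]):
            verdicts[ev.pid] = Verdict(
                ev.pid, "block", f"{parent.image} must not spawn {ev.image}")
            verdicts[parent.pid] = Verdict(
                parent.pid, "block", f"terminated: spawned {ev.image}")
            blocked.update({ev.pid, parent.pid})
            continue

        # Behavioural rule: commands that strip recovery options.
        if any(p.search(ev.cmdline) for p in RANSOMWARE_PREP):
            verdicts[ev.pid] = Verdict(
                ev.pid, "block", "ransomware preparation command line")
            blocked.add(ev.pid)
            continue

        verdicts[ev.pid] = Verdict(ev.pid, "allow", "")
    return verdicts


def blocked_pids(events):
    """Sorted pids that the policy would have stopped."""
    return sorted(pid for pid, v in evaluate(events).items() if v.action == "block")


# Constructed event stream: a service process hijacked into running a shell,
# an Office document opening its print helper, and a user shell deleting
# the backup catalog.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "lsass.exe", "lsass.exe"),
    ProcEvent(200, 1, "explorer.exe", "explorer.exe"),
    ProcEvent(201, 200, "winword.exe", "winword.exe /n report.docx"),
    ProcEvent(202, 201, "splwow64.exe", "splwow64.exe"),
    ProcEvent(300, 100, "cmd.exe", "cmd.exe /c vssadmin delete shadows /all /quiet"),
    ProcEvent(301, 300, "vssadmin.exe", "vssadmin delete shadows /all /quiet"),
    ProcEvent(400, 200, "cmd.exe", "cmd.exe /c wbadmin delete catalog -quiet"),
    ProcEvent(401, 200, "notepad.exe", "notepad.exe notes.txt"),
]

if __name__ == "__main__":
    for pid, v in sorted(evaluate(SAMPLE_EVENTS).items()):
        print(f"{pid:4d} {v.action:5s} {v.reason}")
```

Two design points carry over to a real agent: the check has to run synchronously at process creation (before the child's first instruction), not over logs after the fact, and terminating the hijacked parent matters as much as blocking the child, because the injected code will simply try again with a different child image. The allowlist is the part that needs per-environment tuning; the recovery-stripping patterns are far more stable across ransomware families.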
To learn more about the essential requirements for endpoint protection, [watch this on-demand webcast](https://www.sans.org/webcasts/109540) to see how Traps simplifies prevention and lowers the cost of protecting resource-sensitive environments.