# Preventing Malware and Ransomware with Traps

By [Danny Milrad](https://www.paloaltonetworks.com/blog/author/danny-milrad/?lang=zh-hant&ts=markdown) and [Eila Shargh](https://www.paloaltonetworks.com/blog/author/eila-shargh/?lang=zh-hant&ts=markdown)

Feb 27, 2019

Although ransomware is nothing new, major attacks such as WannaCry, Petya/NotPetya and, more recently, TrickBot show that existing prevention methods have been ineffective at preventing advanced ransomware attacks. Attackers have adapted their approach, and their use of malware has become more sophisticated, automated, targeted and highly evasive.

Although WannaCry's first attack was roughly two years ago, its approach was so effective that breaches attributed to this dangerous malware still keep appearing in the media. [WannaCry](https://www.paloaltonetworks.com/blog/2017/05/unit42-threat-brief-wanacrypt0r-know/?ts=markdown) remains effective because it uses both malware and exploits to accomplish its task. First, it exploited a vulnerability in the Microsoft SMB protocol to gain kernel-level privileges. Part of what makes this attack so hard to detect is its use of a [kernel APC](https://www.paloaltonetworks.com/blog/2017/10/threat-brief-understanding-kernel-apc-attacks/?ts=markdown) (asynchronous procedure call) attack. Attacks against the kernel have existed for a long time; they are well known, and there are ways to protect against them. Kernel APC attacks, however, are an entirely different class of attack. They do not gain privileges by attacking the kernel. On the contrary, kernel APC attacks *already have* kernel privileges and use them to carry out their objective; in this case, they use them to make a legitimate program execute malicious code instead of its original legitimate code.

From the end user's perspective, the ransomware screen locks everyone out, so they cannot see whether any other activity is taking place on the endpoint. Meanwhile, the malware keeps spreading east-west, infecting as many vulnerable machines as it can, both internal and external.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2018/12/Traps2-500x281.png)

Simplified WannaCry attack process

This is where Palo Alto Networks Traps comes in. Traps advanced endpoint protection combines multiple methods of prevention that block known and unknown ransomware, malware and exploits before the endpoint is compromised. Regardless of the operating system, whether the endpoint is online or offline, and whether or not it is connected to the corporate network, Traps defends against ransomware attacks by placing defenses at critical stages of the attack lifecycle.

Before the WannaCry outbreak, endpoints protected by Traps were able to detect and stop this ransomware at several points in the attack lifecycle. First, Traps detects the exploit technique in which kernel privileges attempt to escalate to the user level. As soon as Traps detects this action, it stops the attack completely. If that does not succeed, the malicious-process protection module detects and blocks the parent process from spawning child processes. If none of the previous modules detects the threat, the agent identifies this known threat through local analysis, the ransomware protection module or detailed WildFire analysis, and so detects and blocks the attack.

![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2018/12/Traps1-500x281.png)

No known Palo Alto Networks customers were infected by WannaCry during or after the WannaCry attack, because the threat had been submitted to the WildFire malware prevention service a month before the attack on the UK National Health Service on May 12, 2017. When we investigated in AutoFocus, we found that WannaCry was first seen on April 16, 2017, and that the protections created at that time had already been distributed to Palo Alto Networks firewalls and endpoints.

In the end, an attacker must succeed at every stage of the attack lifecycle to complete an attack, whereas Traps advanced endpoint protection only needs to block one stage successfully to stop the attack.

To learn more about the essential requirements for endpoint protection, [watch this on-demand webcast](https://www.sans.org/webcasts/109540) to see how Traps simplifies protection and reduces the cost of securing resource-sensitive environments.