Agreed that it's hard, but we are constantly working to try and detect more ransomware and prevent the attacks in the first place.
If you haven't seen it, we have just released SEP14 which includes some exciting new features to combat polymorphic malware and such threats as ransomware:
Advanced Machine Learning - the endpoint now has machine-learned malware decision trees on the endpoint, allowing it to quickly determine previously unknown threats without definitions. The decision trees are trained against millions of samples of similar threats in order to build better detection for new variants.
Generic Exploit Mitigation - GEM blocks fundamental holes in the OS that malware is relying on to take a hold on the endpoint. In the initial release we are enforcing SEHOP, blocking the disabling of Java Security Manager and detecting and preventing heap spray - all very well-known techniques used by malware (especially zero-day threats).
Emulator - Emulator lets us emulate around 85% of the Operating System API calls and underlying processor architecture, in order to get enough information from packed or encrypted malware to either determine it's malware OR to trick it into unpacking its payload, which we will then analyse with AV and machine learning.
It's a powerful combination; you will see in coming months that we are detecting and blocking more threats than our competitors, including the next-gen folks too.
As supported SEP customers, you are all entitled to SEP14 for free and can upgrade from FileConnect today. I urge you to take a look!
More information on the release can be found here:
https://www.symantec.com/connect/forums/symantec-endpoint-protection-140-has-been-released
and here:
https://www.symantec.com/connect/blogs/machine-learning-new-frontiers-advanced-threat-detection