This past few months we seem to be having a lot of cyber attacks with variants of the @india.com which renames files with an xtbl extension. The issue initiates from our Remote Desktop server that is visible on the internet but we have Symantec AV on the server as well which is connected to an appliance recommended by Symantec which is geared for monitoring ransomware activity. called ATP. However, we will still seem to get hit. This week, 3 days in a row.
I've spoken to Symantec but they are of no help. I am ready to throw out the ATP appliance and pull the plug on Symantec but what can I use as a substitute. I hope someone can give me some direction.