Ransomware Attacks

What do you need to know?

What is it?Ransomware is malicious software, or malware, that encrypts the information on a person’s computer like documents, photos and music. It will not release these files until the user pays a fee — or ransom — to unlock these files and get them back. Ransomware has quickly become the most profitable type of malware ever seen, on its way to becoming a $1 billion annual market. Ransomware is typically distributed through a few main avenues. These include email phishing, malvertising (malicious advertising), and exploit kits. After it is distributed, the ransomware encrypts selected files and notifies the victim of the required payment.How it works?1. In a typical attack, a user receives a phishing email that looks legitimate. It could appear to be from a company email address, or from someone they know.2. Suitably promoted, the user clicks a link or downloads an attachment in the email, giving ransomware access to his or her computer and the broader company network.

"What if you could stay safer from ransomware, however it may attempt to get into your network?"

3. The ransomware encrypts files and data, locking users out of their network and bringing the target business to a grinding halt. If it's an e-commerce business, all trading ceases.

4. The company receives a message demanding a ransom to get back file access or risk losing their data forever. Attackers usually request payment in untraceable bitcoins.5. Australian businesses pay an average ransom of $15,747 to get back their data, but individual ransoms can be much higher.6. Even after paying the ransom, around half of the businesses targeted by ransomware experience significant downtime and data loss as a result.> MoreHow can you be affected by ransomware? Ransomware has quickly become the most lucrative type of malware ever seen.The FBI has said it is on way to becoming a $1 billion annual market. Cisco Talos research shows that a single ransomware campaign can generate up to $60 million annually. Ransomware is gaining so much attention it is has been featured on broadcast TV shows.Attackers have the funds and desire to continue innovating ransomware strands that will become far more virulent. We believe that ransomware will become more capable of self-propagating, with the aim of locking up vast swaths of corporate networks. That would effectively knock corporate IT functionality back to the 1970s. Current responses to ransomware tend to revolve around single point products. We must consider bringing a more architectural approach to bear given the various vectors it targets to gain infections. This solution overview addresses the various vectors and methods that attackers use. Defenders must secure both email and the web, block access to malicious infrastructure on the Internet, stop any ransomware files that make it all the way to an endpoint, block the commandand-control callbacks used and prevent easily lateral movement of ransomware should an infection occur.

Has your company been infected with Ransomware?

Yes
No
I am not aware

Read the Cyber Threat Response magazine to see how the cyber criminals are exploiting the breaches

How can you prevent the attack?Cisco Ransomware Defense brings together all the necessary pieces of the Cisco security architecture to address the ransomware challenge. You can choose all the pieces or select ones that fulfill an immediate security need.Ransomware Defense comprises:

Cisco Umbrella protects devices on and off the corporate network. It blocks DNS requests before a device can even connect to malicious sites hosting ransomware. Cisco Umbrella 14 days trial

Cisco Advanced Malware Protection (AMP) for Endpoints blocks ransomware files from opening on endpoints.

Cisco Email Security with Advanced Malware Protection (AMP) blocks spam and phishing emails and malicious email attachments and URLs. The AMP technology is the same at that applied on the endpoint, but it’s deployed at the email gateway.

Cisco Firepower Next-Generation Firewall with Advanced Malware Protection (AMP) and Threat Grid sandboxing technology blocks known threats and command-and-control callbacks while providing dynamic analysis for unknown malware and threats.

Cisco ISE via the Cisco network to dynamically segment your network, so access to services and applications stays highly secure and ransomware cannot spread laterally.

Cisco Security Services provide immediate triage in the case of incident response. They also streamline deployments of AMP, NGFW, and other solution products

“We have covered a great risk in the web attack vector of ransomware and greatly improved our user experience in regards to Internet connectivity.”

– Jason Hancock, Global Senior Network Engineer, Octapharma

Advanced Malware Protection can be immediately added to email security products through an easy license for static and dynamic analysis (sandboxing) of unknown attachments that traverse the Cisco Email Security gateway.With Ransomware Defense, you can use your network as an enforcer to contain the spread of ransomware. It will not be able to propagate as easily on the network in the worst-case scenario of an infection. Cisco Security Services can provide immediate triage in the case of an outbreak. They also streamline deployments and help ensure that the solution is configured to provide the greatest possible effectiveness in your environment.Key capabilities:

Block ransomware from getting into the network or being downloaded onto laptops

Contain ransomware in worst-case scenarios should it enter the network

Shared threat intelligence across all products for a unified, concerted defense