Global cyber risk and insurance company Beazley recently reported that ransomware attacks increased 105% in the first quarter of 2019 over the first quarter of last year, and that total financial damage due to ransomware is expected to top $11.5 billion this year.
Prior to the emergence of ransomware, malware typically didn’t deny access to systems or destroy data. With the emergence of anonymous currencies such as Bitcoin and Ripple, however, attackers gained an easy way to profit with relatively low risk, making ransomware highly lucrative and funding the development of the next generation of ransomware.
[Figure: 5 components of Cisco Ransomware Defense]
A typical ransomware infection occurs in the following four steps:
- Infection vector exploited. Ransomware is commonly delivered through mass phishing campaigns, malvertising or targeted exploit kits.
- C2 communication and key exchange. After the victim clicks a link or attachment and inadvertently launches the malicious executable, the software tries to communicate back to its command and control (C2) server to create and transmit the public or private keys used to encrypt the files.
- Files encrypted. Once the malicious software has the necessary keys, it identifies specific file types and directories to encrypt.
- Ransom requested. After encryption completes, a notification is left for the user with instructions on how to pay the ransom.
The Ransomware Defense solution provides ransomware protection from the DNS layer to email to the endpoint. Plus, it’s backed by Cisco’s Talos threat intelligence team. Here’s a summary of the products that comprise the Ransomware Defense solution, and their role in keeping your customers safe:
- Cisco Umbrella protects devices on and off the corporate network. It blocks DNS requests before a device can even connect to malicious sites hosting ransomware.
- Cisco Advanced Malware Protection (AMP) for Endpoints blocks ransomware files from opening on endpoints.
- Cisco Email Security with AMP blocks spam and phishing emails, malicious email attachments, and URLs. The technology is the same as that applied on the endpoint, but it’s deployed at the email gateway.
- Cisco Firepower next-generation firewall (NGFW) with AMP and Cisco Threat Grid sandboxing technology stops threats by containing known and unknown malware and blocking C2 callbacks to ransomware hosts.
- Cisco Security services provide immediate triage in the case of an incident. They also streamline deployments of AMP, NGFW and other solutions.
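The DNS-layer blocking and C2-callback blocking described above both come down to a policy decision on each outbound DNS query: stop the name from resolving before the endpoint can reach the malicious host. The following is an added illustration of that decision logic, not Cisco Umbrella or Firepower code. The log format, client addresses, blocklist entries and domain names are all constructed for the example, and the "generated-looking name" heuristic is a simplified stand-in for the threat intelligence a real service would apply.

```python
"""Resolver-side policy check over DNS query log lines.

Added example: a toy DNS-layer filter that blocks queries whose name (or any
parent domain) is on a threat-intel blocklist, and flags long high-entropy
labels of the kind domain-generation algorithms produce. Not vendor code; all
domains, addresses and log lines below are constructed.
"""
from collections import Counter
from dataclasses import dataclass
import math

# Constructed blocklist, standing in for a threat-intelligence feed.
BLOCKLIST = {
    "c2-example.invalid": "ransomware C2",
    "payload-host.example": "ransomware download host",
}


@dataclass
class Decision:
    client: str
    qname: str
    action: str   # "block" or "allow"
    reason: str


def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def blocklist_match(qname):
    """Return (listed_domain, reason) if qname or any parent domain is listed."""
    labels = _labels(qname)
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKLIST:
            return candidate, BLOCKLIST[candidate]
    return None


def label_entropy(label):
    """Shannon entropy (bits per character) of one DNS label."""
    counts = Counter(label)
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_generated(qname, min_len=16, min_entropy=3.5):
    """Crude DGA heuristic: a long, high-entropy leftmost label.

    Thresholds are assumptions for the example; in practice this would be
    tuned against the organisation's own traffic to limit false positives.
    """
    first = _labels(qname)[0]
    return len(first) >= min_len and label_entropy(first) >= min_entropy


def parse_line(line):
    """Constructed log format: '<timestamp> <client_ip> <qname> <qtype>'."""
    ts, client, qname, qtype = line.split()
    return ts, client, qname, qtype


def evaluate(line):
    """Decide whether one logged query should have been resolved."""
    _ts, client, qname, _qtype = parse_line(line)
    hit = blocklist_match(qname)
    if hit:
        return Decision(client, qname, "block", f"blocklisted: {hit[0]} ({hit[1]})")
    if looks_generated(qname):
        return Decision(client, qname, "block", "generated-looking label")
    return Decision(client, qname, "allow", "no match")


# Constructed sample log: two benign lookups, one subdomain of a listed C2
# domain, and one DGA-style name.
SAMPLE_LOG = [
    "2019-05-01T10:00:01Z 10.0.0.12 www.example.com A",
    "2019-05-01T10:00:02Z 10.0.0.12 sub.c2-example.invalid A",
    "2019-05-01T10:00:03Z 10.0.0.27 xk9q2mz7vb4hw3tn1pr5.example.net A",
    "2019-05-01T10:00:04Z 10.0.0.27 mail.example.org MX",
]


def run(lines=SAMPLE_LOG):
    """Evaluate every line and return the list of decisions."""
    return [evaluate(line) for line in lines]


if __name__ == "__main__":
    for d in run():
        print(f"{d.action:5s} {d.client:10s} {d.qname:40s} {d.reason}")
```

The parent-domain walk in `blocklist_match` is the part worth copying: a listed C2 domain should also block every subdomain under it, otherwise the malware only has to vary the leftmost label. The entropy heuristic is deliberately simple and will misfire on content-delivery hostnames, which is why production DNS-layer filtering leans on curated intelligence such as Talos rather than on string statistics alone.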
For more information about Cisco Ransomware Defense, and to help your clients outmaneuver the cleverest ransomware attacks, see the Cisco Ransomware Defense product pages.