Ransomware is currently the most profitable and fastest growing industry within the cybercriminal economy. As our technology expands into every corner of our world, we seek to expand its ability to improve how we work and play. We look to the amazing breadth of capability that comes from such massive interconnectedness to bring efficiency and greater profit. However, this scale creates opportunities on many fronts. Just as it is easier today for anyone in the world to be part of the Internet, so is it easier, and cheaper, to leverage that same diversity of capability and vulnerability for massive criminal gains.
Ransomware, the practice of cryptographically holding your data hostage, is just the most current face of an old practice. Cybercriminals have always sought ways to generate revenue, obtain sensitive and intellectual property, or create greater social or political status. Like any effective business, the best methods are those that give scale, reduce the cost of production, and maximize the rate of return.
Combining the explosive growth in connected technologies (laden with vulnerabilities, with little of it built with security in mind or budget) with the anonymity and rise of Bitcoin means easily deployed attacks are quickly and easily monetized. Why steal data to sell, when its owners will contribute to a more than $1 billion protection racket?
We will look at a few of the key phases of the attack chain that ransomware follows, and how we can respond more effectively to these threats. Ransomware is much like any other malware (malicious software); it follows traditional delivery models (email and web delivery) with a focus on leveraging human behavior to drive deployment and execution. Time to Detection and Time to Response are now critical capabilities for cyber responders, both to reduce the likelihood of ransomware exposure and to limit the damage from those attacks that do succeed.
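The phase of the attack chain where ransomware does its damage is the one in which it rewrites a user's files into an encrypted form, and Time to Detection is the gap between the first such write and the moment a responder is alerted. The following Python example, added here and not part of the original article or of Cisco's products, shows one behavioural detection for that phase: it watches endpoint file-activity events and alerts when a single process writes many files sharing one new extension across several directories within a short window, then reports the resulting time to detection. The log lines, host names, process names, paths, the `.locked` extension and the thresholds are all constructed for the example.

```python
"""Behavioural detection of the file-encryption phase of a ransomware attack.

Added example, not from the original article or from Cisco. All event data
below is constructed; field layout is "timestamp host process action path".
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ntpath  # Windows-style paths in the sample, parsed the same on any OS

# Constructed sample events. cl.exe writes many files into ONE directory
# (a build: benign noise). updater.exe (constructed name) rewrites files
# across three directories with a new extension: the signal we want.
SAMPLE_LOG = r"""
2024-03-01T09:00:00 WS-17 winword.exe write C:\Users\alice\Documents\q1-report.docx
2024-03-01T09:00:02 WS-22 cl.exe write C:\build\out\a.obj
2024-03-01T09:00:02 WS-22 cl.exe write C:\build\out\b.obj
2024-03-01T09:00:03 WS-22 cl.exe write C:\build\out\c.obj
2024-03-01T09:00:03 WS-22 cl.exe write C:\build\out\d.obj
2024-03-01T09:00:04 WS-22 cl.exe write C:\build\out\e.obj
2024-03-01T09:00:05 WS-17 updater.exe write C:\Users\alice\Documents\q1-report.docx.locked
2024-03-01T09:00:06 WS-17 updater.exe write C:\Users\alice\Documents\budget.xlsx.locked
2024-03-01T09:00:07 WS-17 updater.exe write C:\Users\alice\Pictures\holiday.jpg.locked
2024-03-01T09:00:08 WS-17 updater.exe write C:\Users\alice\Pictures\family.jpg.locked
2024-03-01T09:00:09 WS-17 updater.exe write C:\Users\alice\Desktop\notes.txt.locked
2024-03-01T09:00:10 WS-17 updater.exe write C:\Users\alice\Desktop\README_DECRYPT.txt
"""

# Thresholds are assumptions for the example; tune them per environment.
WINDOW = timedelta(seconds=60)   # sliding window per (host, process)
MIN_FILES = 5                    # distinct files sharing one extension
MIN_DIRS = 2                     # spread across at least this many directories


def parse_events(text):
    """Turn the space-separated log into (timestamp, host, process, action, path)."""
    events = []
    for line in text.strip().splitlines():
        ts, host, proc, action, path = line.split(" ", 4)
        events.append((datetime.fromisoformat(ts), host, proc, action, path))
    return events


def detect_mass_rewrite(events, window=WINDOW, min_files=MIN_FILES, min_dirs=MIN_DIRS):
    """Alert once per (host, process) that, within `window`, writes at least
    `min_files` distinct files with the same extension into at least
    `min_dirs` directories. Returns a list of alert dicts including the
    time to detection (alert time minus first offending write)."""
    recent = defaultdict(deque)   # (host, proc) -> deque of (ts, ext, dir, path)
    alerted = set()
    alerts = []
    for ts, host, proc, action, path in sorted(events, key=lambda e: e[0]):
        key = (host, proc)
        if action != "write" or key in alerted:
            continue
        directory, name = ntpath.split(path)
        ext = ntpath.splitext(name)[1].lower()
        q = recent[key]
        q.append((ts, ext, directory, path))
        while ts - q[0][0] > window:   # drop events that fell out of the window
            q.popleft()
        same_ext = [e for e in q if e[1] == ext]
        files = {e[3] for e in same_ext}
        dirs = {e[2] for e in same_ext}
        if len(files) >= min_files and len(dirs) >= min_dirs:
            first_seen = same_ext[0][0]
            alerts.append({
                "host": host,
                "process": proc,
                "extension": ext,
                "files": len(files),
                "directories": len(dirs),
                "first_seen": first_seen,
                "alert_at": ts,
                "time_to_detect_s": (ts - first_seen).total_seconds(),
            })
            alerted.add(key)
    return alerts


if __name__ == "__main__":
    for a in detect_mass_rewrite(parse_events(SAMPLE_LOG)):
        print(f"{a['host']} {a['process']}: {a['files']} files -> {a['extension']} "
              f"in {a['directories']} dirs; time to detect {a['time_to_detect_s']:.0f}s")
```

Run on the sample, the build process on WS-22 produces no alert because all of its writes land in one directory, while the process on WS-17 trips the rule on its fifth rewritten file, four seconds after the first one. The directory-spread condition is what keeps compilers, backup tools and document editors out of the alert stream; the per-process deque keeps memory bounded to one window of events per process.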
Cisco’s Ransomware Defense comprises:
- Cisco Umbrella, which blocks threats at the network layer, far away from your network
- Cisco Advanced Malware Protection (AMP) for Endpoints, which blocks malicious ransomware files from running on endpoints
- Cisco Email Security, which stops phishing and spam messages seeking to deliver ransomware