Ransomware: A fast-growing, powerful threat.

May 18, 2020

This is the year of ransomware. And it is proving to be seriously profitable.

Ransomware has quickly become the most lucrative type of malware ever seen. The FBI has said ransomware is on the way to becoming a $1 billion annual market. Cisco Talos research shows that a single ransomware campaign can generate up to $60 million annually.

Attackers have the funds and the desire to continue innovating ransomware strains that will become far more virulent. We believe that ransomware will become more capable of self-propagating, with the aim of locking up vast swaths of corporate networks. That would effectively knock corporate IT functionality back to the 1970s.

Current responses to ransomware tend to revolve around single point products. We must consider bringing a more architectural approach to bear given the various vectors that ransomware targets. This solution overview addresses the various vectors and methods that attackers use.

Defenders must:

  • Secure both email and the web
  • Block access to malicious infrastructure on the Internet
  • Stop any ransomware files that make it all the way to an endpoint
  • Block the command-and-control callbacks used
  • Prevent lateral movement of ransomware should an infection occur.

How can Virtual IT Group assist?

We’re a Cisco Premium Partner and can assist with Cisco Ransomware Defense.

Cisco Ransomware Defense brings together all the necessary pieces of the Cisco security architecture to address the ransomware challenge. You can choose all the pieces or select ones that fulfill an immediate security need. Ransomware Defense comprises:

  • Cisco Umbrella, which blocks threats at the network layer, far away from your network
  • Cisco Advanced Malware Protection (AMP) for Endpoints, which blocks malicious ransomware files from running on endpoints
  • Cisco Email Security, which stops phishing and spam messages seeking to deliver ransomware

Advanced Malware Protection can be immediately added to email security products through an easy license for static and dynamic analysis (sandboxing) of unknown attachments that traverse the Cisco Email Security gateway.

With Ransomware Defense, you can use your network as an enforcer to contain the spread of ransomware. It will not be able to propagate as easily on the network in the worst-case scenario of an infection. Cisco Security Services can provide immediate triage in the case of an outbreak. They also streamline deployments and help ensure that the solution is configured to provide the greatest possible effectiveness in your environment.

Key capabilities include:

  • Block ransomware from getting into the network or being downloaded onto laptops
  • Contain ransomware in worst-case scenarios should it enter the network
  • Shared threat intelligence across all products for a unified, concerted defence.

Interested in discovering more? Join us for our latest webinar: Cyber Security: Staying One Step Ahead on Thursday 28 May at 11am (AEST) and gain valuable insights from leading Cyber Security experts on how you can keep your data safe.
