Solution Briefs

How MSPs Can Combat Ransomware Attacks


© 2016 Cisco and/or its affiliates. All rights reserved.

Does Cisco Umbrella for MSPs block ransomware? This is one of the most common questions that we hear from customers. In reality, the answer for any security provider — including Cisco — is seldom an absolute "yes" or "no." It really depends on how each variant arrives onto your systems, as well as its order of operations for encrypting data for ransom. However, with Cisco you can significantly reduce the number of ransomware infections across your organization.

Prevent and contain ransomware with Cisco Umbrella

Phases of ransomware attacks

Attackers have many ways to initiate an attack—everything from common malvertising and phishing methods to sophisticated thumbdrive drop tactics. The infections can begin when users click on links in phishing emails or if malicious ads or compromised sites redirect users to domains hosting exploit kits (e.g. 'Angler,' 'Zeus,' 'Nuclear,' etc.). Exploit kits can also be delivered via email attachments or infected thumbdrives.

Interestingly, this initial payload is not the ransomware. Assuming the initial payload successfully exploits a system, it analyzes its environment (e.g. OS, unpatched applications) to select an effective ransomware variant. At this point, a callback is made to a ransomware drop host to retrieve the private keys needed to encrypt the endpoint. Most popular exploit kits have to resolve a domain name to an IP address to initiate the callback.

Although variants of ransomware behave differently — for example, SamSam uses a built-in encryption key that doesn't require a C2 callback and other variants use Tor-based Onion Routing or IP-only callbacks that avoid DNS — there are many ways that Cisco can help.

Waste less time fighting ransomware attacks.
[Figure: diagram of ransomware attack phases. Labels: Exploit or phishing domains; Compromised sites and malvertising; Phishing spam; Web redirect; Web link; File drop; Email attachment; C2 callbacks; Angler; Nuclear; Rig; Trojan; Ransomware; Other malware; Malware and botnet infrastructure]
