Threat Intelligence Blog

We’ve all heard that ransomware is on the rise, but just how much? Looking back to 2016, statistics show that there were 4,000 daily ransomware attacks, a 300% increase from 2015, and businesses were hit by ransomware every 40 seconds.[1,2] Additionally, 48% of affected businesses paid the ransom, with an average payment of $2,500 (7% admitted to paying over $10k).[3]

It probably goes without saying, but ransomware is a type of malware that infects computer systems, restricting users’ access to the infected systems and temporarily or permanently rendering them inaccessible unless a “ransom” is paid within a specific time period. Ransomware is delivered via botnets, exploit kits and, most commonly, spam and phishing emails.

Since most ransomware comes through email attachments, the majority of organizations have focused on fighting this threat with personal training, managing soft targets, and enhancing spam filters. However, while cyber safety training should be a key part of every security posture (and we encourage it at every company), it’s only a part of a security strategy, not a silver bullet.

Data feeds, specifically those that catch phishing URLs, malicious URLs and malicious command and control (C2), are a crucial part, and first step, of fighting ransomware. To be completely useful, this intelligence should be continuously updated, providing threats in real-time.

However, having high-quality threat intelligence feeds is only half of the battle. While these will keep you informed of live threats trying to breach your network, to truly operationalize data feeds, they need to be used in conjunction with an automated blocking mechanism.

The consensus across the industry is that “current technologies are not considered sufficient to prevent ransomware infections,” and according to a Ponemon poll, only 27% of organizations are confident that their current software solutions will protect them and stop ransomware attacks.

This is where the threat intelligence gateway comes into play. This threat mitigation appliance, a new category in the evolution of security infrastructure, works with firewalls to identify and stop rapidly emerging threats. For your threat intelligence gateway to be effective, it should include these key technologies:

  • Highly actionable, analyst-vetted machine-readable threat intelligence (MRTI)
  • An inline inspection and mitigation appliance that supports up to 10Gbps line rate, which performs per-packet correlation with MRTI
  • Real-time integration with MRTI
  • Optional component that allows integration with a threat intelligence platform so organizations can further refine MRTI that drives mitigation steps

As the Internet of Things continues to grow, the number of environments for ransomware is greater than ever before. Only an organization that has a broad portfolio of systems and applications can truly fight ransomware, and any other sophisticated attacks that will emerge as cyber threats continue to evolve. Turning to an end-to-end solution – one that utilizes MRTI, mitigation, and threat platforms – will shorten response times and mitigate live threats in a more effective and efficient manner.


[1] FBI Ransomware Prevention and Response for CISOs

[2] Kaspersky Labs

[3] Ponemon: The Rise of Ransomware
