Threat Intelligence Blog

Posted April 24, 2017

We’ve all heard that ransomware is on the rise, but just how much? Looking back to 2016, statistics show that there were 4,000 daily ransomware attacks, a 300% increase from 2015, and businesses were hit by ransomware every 40 seconds.[1,2] Additionally, 48% of affected businesses paid the ransom, with an average payment of $2,500 (7% admitted to paying over $10k).[3]

It probably goes without saying, but ransomware is a type of malware that infects computer systems, restricting users’ access to the infected systems and temporarily or permanently rendering them inaccessible unless a “ransom” is paid within a specific time period. Ransomware is delivered via botnets, exploit kits and, most commonly, spam and phishing emails.

Since most ransomware comes through email attachments, the majority of organizations have focused on fighting this threat with personal training, managing soft targets, and enhancing spam filters. However, while cyber safety training should be a key part of every security posture (and we encourage it at every company), it’s only a part of a security strategy, not a silver bullet.

Data feeds, specifically those that catch phishing URLs, malicious URLs and malicious command and control (C2), are a crucial part, and first step, of fighting ransomware. To be completely useful, this intelligence should be continuously updated, delivering threat data in real time.

However, having high-quality threat intelligence feeds is only half of the battle. While these will keep you informed of live threats trying to breach your network, data feeds are only truly operationalized when they are used in conjunction with an automated blocking mechanism.

The consensus across the industry is that “current technologies are not considered sufficient to prevent ransomware infections,” and according to a Ponemon poll, only 27% of organizations are confident that their current software solutions will protect them and stop ransomware attacks.

This is where the threat intelligence gateway comes into play. This threat mitigation appliance, a new category in the evolution of security infrastructure, works with firewalls to identify and stop rapidly emerging threats. For your threat intelligence gateway to be effective, it should include these key technologies:

  • Highly actionable, analyst-vetted machine-readable threat intelligence (MRTI)
  • An inline inspection and mitigation appliance that supports up to 10Gbps line rate and performs per-packet correlation with MRTI
  • Real-time integration with MRTI
  • An optional component that allows integration with a threat intelligence platform so organizations can further refine the MRTI that drives mitigation steps

As the Internet of Things continues to grow, the number of environments for ransomware is greater than ever before. Only an organization that has a broad portfolio of systems and applications can truly fight ransomware, and any other sophisticated attacks that will emerge as cyber threats continue to evolve. Turning to an end-to-end solution – one that utilizes MRTI, mitigation, and threat platforms – will shorten response times and mitigate live threats in a more effective and efficient manner.

[1] FBI Ransomware Prevention and Response for CISOs

[2] Kaspersky Labs

[3] Ponemon: The Rise of Ransomware
