Protecting your organisation against ransomware

Australia is one of the world’s primary targets for cyber-attacks, with Cisco research finding at least one in two local businesses experience related operational interruptions on an annual basis. To ensure complete protection of your business networks, integrating a layered architectural approach to cyber security can facilitate the greatest reduction in ransomware risk. As a Cisco Systems Advanced Security Architecture partner, we work closely with Cisco Systems to deliver security solutions that effectively prevent, detect, and respond to ransomware attacks.

Ransomware is malicious software, or malware, that encrypts the information on a person’s computer. It will not release these files until the user pays a fee — or ransom — to unlock these files and get them back. Ransomware has quickly become the most profitable type of malware ever seen and is on its way to becoming a $1 billion annual market.

Cube Cyber is a Cisco Systems Advanced Security Architecture partner. We work closely with Cisco Systems to deliver products and services that provide you with the security capability required to effectively prevent, detect, and respond to ransomware attacks.

Ransomware FAQs

The basics you need to know

Ransomware commonly makes its way onto a computer or network through the web or email. On a website, ransomware may infiltrate through infected ads that can deliver malware, known as “malvertising.” Users surf sites with malicious ads that automatically download malware or redirect them to exploit kits. In email, ransomware uses phishing or spam messages to gain a foothold. Users merely have to click links in phishing or spam email or open attachments for ransomware to download and call out to its command-and-control server.

Ransomware can also take control of systems by using exploit kits. Exploit kits are software kits designed to identify software vulnerabilities on end systems. They then upload and run malicious code, such as ransomware, on those vulnerable systems.

The term “kill chain” refers to the ability to block an attack at any of these specific stages if the correct capabilities can be employed. The kill chain helps us understand and combat ransomware, security breaches, and advanced persistent attacks (APTs).

RECON: The attacker gathers information to help them create seemingly trustworthy places and messages to stage their malvertisements and phishing emails.

STAGE: Using information collected during RECON, the cybercriminals try to fool users into opening e-mails or clicking on links.

LAUNCH: The staging sites redirect from trustworthy-looking sites to sites that launch the exploit kits and/or other malicious content.

EXPLOIT: When a user is at the compromised site, their system is scanned for vulnerabilities that are then exploited to take control of the user’s system.

INSTALL: Once an exploit has taken control, the final dropped file/tool is installed that will infect and encrypt the victim’s system—the ransomware payload. This stage may also include additional executables to deliver other malware in the future.

CALLBACK: Once infected, the malware “calls home” to a command-and-control server (C2) where it retrieves keys to perform the encryption or receive additional instructions.

PERSIST: The files on the hard disk, mapped network drives, and USB devices are encrypted and a notice or splash screen pops up with instructions to pay the ransom to restore the original files. This notice persists, and at times deletes files, as a timer counts down to the expiration of being able to retrieve the unlock keys, putting extreme pressure on the user. Additionally, the exploit kit can persist and pivot to other more critical systems.

No single product or service can provide security through every step of the kill chain. By understanding the specific stages of the kill chain, you can tailor security capabilities to create multiple layers of defence that prevent, detect, and respond to ransomware attacks:

  • Prevent ransomware from getting into the enterprise wherever possible
  • Stop it at the system level before it gains command and control
  • Detect when it is present in the network
  • Work to contain it from expanding to additional systems and network areas
  • Perform incident response to fix the vulnerabilities and areas that were attacked

The diagram below maps security capability to each stage of the kill chain.

Cisco Ransomware Defence brings together all the necessary pieces of the Cisco security architecture to address the ransomware challenge. You can choose all the pieces or select ones that fulfil an immediate security need. The Cisco Ransomware Defence solution provides an integrated and multi-layered approach to dealing with this danger. Each security element provides protection from a multitude of external and internal threats but when brought together as an integrated system, the Cisco solution offers unprecedented visibility and control.

Ransomware Defence comprises:

  • Cisco Umbrella protects devices on and off the corporate network. It blocks DNS requests before a device can even connect to malicious sites hosting ransomware.
  • Cisco Advanced Malware Protection (AMP) for Endpoints blocks ransomware files from opening on endpoints.
  • Cisco Email Security with Advanced Malware Protection (AMP) blocks spam and phishing emails and malicious email attachments and URLs. The AMP technology is the same as that applied on the endpoint, but it’s deployed at the email gateway.
  • Cisco Firepower Next-Generation Firewall with Advanced Malware Protection (AMP) and Threat Grid sandboxing technology blocks known threats and command-and-control callbacks while providing dynamic analysis for unknown malware and threats.
  • Cisco ISE uses the Cisco network to dynamically segment your network, so access to services and applications stays highly secure and ransomware cannot spread laterally.
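
To show how events from layered controls can be read against the kill chain stages listed earlier, the following added example (not Cisco or Cube Cyber code) triages constructed events per host. The control names, the control-to-stage mapping, the event format and the verdict labels are all assumptions made for illustration.

```python
# Kill chain stages in the order the page lists them.
STAGES = ["RECON", "STAGE", "LAUNCH", "EXPLOIT", "INSTALL", "CALLBACK", "PERSIST"]

# Assumed mapping of generic control types to the stage they act on.
CONTROL_STAGE = {
    "email_gateway": "STAGE",
    "dns_filter": "LAUNCH",
    "endpoint_av": "INSTALL",
    "firewall_c2": "CALLBACK",
    "segmentation": "PERSIST",
}

# Constructed sample events for suspicious activity: (host, control, action).
EVENTS = [
    ("ws-01", "email_gateway", "blocked"),
    ("ws-02", "email_gateway", "allowed"),
    ("ws-02", "dns_filter", "blocked"),
    ("ws-03", "dns_filter", "allowed"),
    ("ws-03", "endpoint_av", "allowed"),
    ("ws-03", "firewall_c2", "blocked"),
    ("ws-04", "endpoint_av", "allowed"),
    ("ws-04", "firewall_c2", "allowed"),
]

def triage(events):
    """Return {host: (furthest stage reached, verdict)}."""
    furthest = {}
    for host, control, action in events:
        idx = STAGES.index(CONTROL_STAGE[control])
        # Keep the event at the latest stage; a later event at the same stage wins.
        if host not in furthest or idx >= furthest[host][0]:
            furthest[host] = (idx, action)

    install = STAGES.index("INSTALL")
    result = {}
    for host, (idx, action) in furthest.items():
        if action == "blocked":
            if idx < install:
                verdict = "prevented"            # never reached the endpoint
            elif idx == install:
                verdict = "stopped_on_endpoint"  # payload blocked at install
            else:
                verdict = "contain"              # installed, but C2 or spread blocked
        else:
            verdict = "incident_response" if idx >= install else "monitor"
        result[host] = (STAGES[idx], verdict)
    return result

if __name__ == "__main__":
    for host, outcome in sorted(triage(EVENTS).items()):
        print(host, *outcome)
```

A host whose furthest event is an unblocked callback is the case where every earlier layer was bypassed, which is why it is routed to incident response rather than containment alone.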

The Cube Cyber Difference

Maximise efficiency, performance and potential

With decades of cybersecurity experience, the team at Cube Cyber pride ourselves on delivering effective security solutions to real threats. Our team have a proven track record of delivering these solutions to both small and large complex network environments.

The key differences you will find working with us include:

  • A philosophy of long-term partnering and engagement with our clients
  • A commitment to lower risk, lower complexity and increased effectiveness
  • Properly engineered systems approach addressing the full operational lifecycle
  • Professionally commissioned systems with focus on design, testing and operational integrity
  • A focus on cybersecurity you won’t find elsewhere – it is all we do.
