Cisco Umbrella


Easy, Cheap, and Costly: Ransomware is Growing Exponentially

By Owen Lystrup
Posted on September 2, 2015
Updated on April 8, 2020


Anti-virus companies, Internet security firms, and threat intelligence providers — as well as the security researcher population in general — are all warning of an eruption of ransomware, one fueled by motivated attackers, cheap infrastructure, and ransomware-as-a-service software.
For the uninitiated, ransomware is the currently ubiquitous term for malicious software designed to remotely prevent a user’s access to devices or files until a ransom is paid, usually in the form of Bitcoin. The scenario goes like this: while you are using a device or laptop as normal to browse, e-mail, or hunt for videos, a message suddenly pops up like the one pictured. Now irreplaceable family photos, music files, work documents, tax returns, or any data of value are all inaccessible — unless you pay, of course.

CTB Ransomware
An example of a CTB Ransomware demand pop-up.

As far as cyberattacks go, ransomware is one of the most straightforward in terms of end goal. After an initial compromise — usually through a phishing attempt — the malware infection sits quietly, evading antivirus and malware detection, and sends confirmation to a far-off controller that it has successfully infected a host. Then it receives instructions to lock the device or encrypt files and display a message demanding payment.
For now ransomware is only affecting computers. Attackers are largely indiscriminate when picking a target: home machine or office laptop, it makes no difference as long as someone pays. But according to some, there is a real possibility that the ransomware model will move to other devices and internet-connected appliances, or even automobiles. Imagine hopping into your car late for the morning commute when up pops a message on the nav screen that it won’t drive until a random e-mail address gets a payment of $250 in Bitcoin.
Just days ago, McAfee released a report citing a 58 percent growth in ransomware in Q2 alone. The accelerated growth is attributable to two main causes. First, attacks are cheaper and easier than ever to run. The availability of as-a-service malware options on public GitHub with helpful YouTube demos lowers the technical bar significantly. And second, those infected by ransomware campaigns seem willing to pay often enough that ransomware continues to be an enticing scheme. The money, according to most estimates, is really good.

Ransomware graph
McAfee’s security report shows the growth of ransomware quarter over quarter. Graphic: McAfee, Inc.

OpenDNS Security Researcher Kevin Bottomley demonstrated at BSides SF earlier this year just how easy and cheap it is to set up a phishing site that spoofs a real login page and looks strikingly legitimate. And in a blog post last month, he laid out the various flavors of ransomware one can encounter regularly. With a cheap phishing site and easy access to malware tools, it’s easier than ever to begin a campaign.
As for mitigating ransomware, it can often depend on the type of infection. “It should be noted that not all ransomware is created equal,” Bottomley wrote, “nor do they all act in the same way, but they all tend to leave (for the most part) a footprint that can be used to track and locate where it lives on the Internet.” This footprint means it could be possible to trace where attacks originate and block the related offending IP spaces and hostnames before they infect other users.
Protecting PCs individually is more straightforward, for now. A mid-year security report from Cisco security researchers suggests backups as the most effective way of protecting your data. Once files are encrypted by ransomware, be it work spreadsheets or family photos, the data can be nearly impossible to decrypt without a decryption key, which might mean losing it forever. Wiping and restoring is therefore an exercise that might become much more prevalent as a result.
“Users can protect themselves from ransomware by backing up their most valuable files,” the Cisco report authors wrote. “Users should also realize that their system could be at risk even after they pay a ransom and decrypt their files.”
There are other suggestions for protecting against ransomware attacks, including endpoint protection, monitoring network traffic, end-user awareness training for phishing, and others. But the best way to not fear losing data is knowing you can get it back. As Jon Jacobi wrote in a simple, useful guide to backing up for PCWorld, it’s best to start backing up now. Yes, now.
To test your knowledge of phishing, try our online phishing quiz. If your score is low, it might be time to get some training.
What are your ransomware suggestions? Share in the comments section or tweet @owen_lystrup or @opendns.
