
Easy, Cheap, and Costly: Ransomware is Growing Exponentially

By Owen Lystrup
Posted on September 2, 2015
Updated on April 8, 2020


Anti-virus companies, Internet security firms, and threat intelligence providers — as well as the security researcher population in general — are all warning of an eruption of ransomware, one fueled by motivated attackers, cheap infrastructure, and ransomware-as-a-service software.
For the uninitiated, ransomware is the currently ubiquitous term for malicious software designed to remotely prevent a user’s access to devices or files until a ransom is paid, usually in the form of Bitcoin. The scenario goes like this: while using a device or laptop as normal to browse, e-mail, or hunt for videos, a message suddenly pops up like the one pictured. Now irreplaceable family photos, music files, work documents, tax returns, or any data of value are all inaccessible — unless you pay, of course.

[Image: An example of a CTB Ransomware demand pop-up.]

As far as cyberattacks go, ransomware is one of the most straightforward in terms of end goal. After an initial compromise — usually through a phishing attempt — the malware infection sits quietly, evading antivirus and malware detection, and sends confirmation to a far-off controller that it has successfully infected a host. Then it receives instructions to lock the device or encrypt files and display a message demanding payment.
For now ransomware is only affecting computers. Attackers are largely indiscriminate when picking a target: home machine or office laptop, it makes no difference as long as someone pays. But according to some, there is a real possibility that the ransomware model will move to other devices and internet-connected appliances, or even automobiles. Imagine hopping into your car late for the morning commute when up pops a message on the nav screen that it won’t drive until a random e-mail address gets a payment of $250 in Bitcoin.
Just days ago, McAfee released a report citing a 58 percent growth in ransomware in Q2 alone. The accelerated growth is attributable to two main causes. First, attacks are cheaper and easier than ever to run. The availability of as-a-service malware options on public GitHub with helpful YouTube demos lowers the technical bar significantly. And second, those infected by ransomware campaigns seem willing to pay often enough that ransomware continues to be an enticing scheme. The money, according to most estimates, is really good.

[Image: McAfee’s security report shows the growth of ransomware quarter over quarter. Graphic: McAfee, Inc.]

OpenDNS Security Researcher Kevin Bottomley demonstrated at BSides SF earlier this year just how easy and cheap it is to set up a phishing site that spoofs a real login page and looks strikingly legitimate. And in a blog post last month, he laid out the various flavors of ransomware one can encounter regularly. With a cheap phishing site and easy access to malware tools, it’s easier than ever to begin a campaign.
As for mitigating ransomware, it can often depend on the type of infection. “It should be noted that not all ransomware is created equal,” Bottomley wrote, “nor do they all act in the same way, but they all tend to leave (for the most part) a footprint that can be used to track and locate where it lives on the Internet.” This footprint means it could be possible to trace where attacks originate and block the related offending IP spaces and hostnames before they infect other users.
Protecting PCs individually is more straightforward, for now. A mid-year security report from Cisco security researchers suggests backups as the most effective way of protecting your data. Once files are encrypted by ransomware, be it work spreadsheets or family photos, the data can be nearly impossible to decrypt without a decryption key, which might mean losing it forever. Wiping and restoring is therefore an exercise that might become much more prevalent as a result.
“Users can protect themselves from ransomware by backing up their most valuable files,” the Cisco report authors wrote. “Users should also realize that their system could be at risk even after they pay a ransom and decrypt their files.”
There are other suggestions for protecting against ransomware attacks, including endpoint protection, monitoring network traffic, end-user awareness training for phishing, and others. But the best way to not fear losing data is knowing you can get it back. As Jon Jacobi wrote in a simple, useful guide to backing up for PCWorld, it’s best to start backing up now. Yes, now.
To test your knowledge of phishing, try our online phishing quiz. If your score is low, it might be time to get some training.
What are your ransomware suggestions? Share in the comments section or tweet @owen_lystrup or @opendns.
