WannaCry, a potent ransomware attack described as unprecedented in scale, was unleashed on May 12, affecting numerous organizations across the globe. Industries in the crosshairs reportedly included telecommunications, health care, and transportation. It is believed the attack has spread to nearly 150 countries.
The attack infected more than 230,000 computers, with the software demanding bitcoin ransom payments.
As the investigation into the source and the extent of this ransomware threat continues, Cisco reports that its Cisco Umbrella customers who were blocking the “Newly Seen Domains” category were protected within minutes of the attack. As the industry’s first Secure Internet Gateway in the cloud, Cisco Umbrella provides the first line of defense against threats on the internet. Since Umbrella is delivered from the cloud, it is the easiest and quickest way to protect all users.
Cisco Umbrella solutions are available through Comstor and the Comstor Security Initiative (CSI), a development program designed to help you build a successful Cisco Security practice. This comprehensive program provides focused consulting, best practices, education, training, tools and tactics for core business functions, including executive, sales, engineering and marketing.
The malware responsible for the recent attack is a ransomware variant known as “WannaCry.” It spreads like a worm, compromising hosts, encrypting the files stored on them and then demanding a ransom payment. This threat does not simply scan internally to determine where to spread – it can also spread based on vulnerabilities found in other externally facing hosts across the internet.
Attackers often use new domains as part of phishing campaigns, exploit kits, ransomware, and other threats. These new domains serve multiple purposes, including distributing malware, exfiltrating data, and tricking people into clicking on phishing links. By creating new domains instead of reusing domains from previous threats, attackers can outsmart security systems that rely on reputation scores.
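The reasoning above, as an added example that is not Cisco's code and not part of the original post: a newly-seen-domain check run over constructed DNS log lines, where a domain with no reputation history is blocked on age alone. The log format, the 24-hour window, the two-label domain reduction and every domain name are assumptions; the page does not describe how Umbrella itself populates the category.

```python
from datetime import datetime, timedelta

# Constructed sample data: no domain, address or timestamp here comes from a real incident.
REPUTATION_BLOCKLIST = {"old-bad.example"}        # domains already scored as malicious
FIRST_SEEN = {                                    # domain -> first time any resolver saw it
    "intranet-site.example": datetime(2023, 3, 1, 9, 0),
    "old-bad.example": datetime(2022, 11, 20, 14, 0),
}
DNS_LOG = """\
2024-01-10T08:00:05 10.0.0.21 portal.intranet-site.example
2024-01-10T08:01:10 10.0.0.37 old-bad.example
2024-01-10T08:02:44 10.0.0.37 brand-new.example
2024-01-10T08:03:00 malformed-line
2024-01-10T20:15:00 10.0.0.40 cdn.brand-new.example
not-a-time 10.0.0.9 other.example
2024-01-12T09:00:00 10.0.0.40 brand-new.example
"""

def registered_domain(name):
    """Naive reduction to the last two labels (assumption; real use needs the Public Suffix List)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def evaluate(log_text, first_seen, blocklist, window=timedelta(hours=24)):
    """Return (timestamp, client, domain, verdict) for every parsable query line."""
    seen = dict(first_seen)                # copy: history learned in this run stays local
    results = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                       # skip malformed records instead of aborting
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue                       # unparsable timestamp: skip the record
        domain = registered_domain(parts[2])
        born = seen.setdefault(domain, ts)  # first observation becomes the first-seen time
        if domain in blocklist:
            verdict = "block:reputation"
        elif ts - born < window:
            verdict = "block:newly-seen"    # no reputation yet, blocked on age alone
        else:
            verdict = "allow"               # past the window: only reputation can block now
        results.append((parts[0], parts[1], domain, verdict))
    return results

if __name__ == "__main__":
    for row in evaluate(DNS_LOG, FIRST_SEEN, REPUTATION_BLOCKLIST):
        print(*row)
```

The last sample query shows the limit of the approach: once the window has passed, the domain is allowed unless a reputation source has caught up with it in the meantime.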
Cisco Talos, the industry-leading threat intelligence organization dedicated to providing protection before, during, and after cybersecurity attacks, has been actively involved in investigations. The Talos team collects information about existing and developing threats and provides comprehensive protection against more attacks and malware than anyone else. All Cisco security products utilize Talos threat intelligence, providing fast and effective security solutions.
Moving forward from this attack – and preparing for the inevitable next occurrence – Cisco offers a number of options to help reduce, if not eliminate, exposure.