Ransomware is the fastest growing cyberthreat today. Where national governments and large enterprises were once the primary targets, now local governments and smaller organizations have become targets with the average ransom costing over US$40K.
Over the course of several articles, we will discuss Sangfor’s solution for Total Protection Against Ransomware in-depth, and learn about the protection it provides.
The Kill Chain
Ransomware is malware that follows a specific sequence of events call a “Kill Chain,” to infect and spread.
The ransomware kill chain has four (4) main steps:
1. Infection: How malware gets into the organization, bypassing security protection and installing itself on systems within.
2. Command & Control (C&C or C2): This malware communicates with a server on the internet to download instructions on what to do next. In this case, the instructions tell the malware to install ransomware and encrypt data.
3. Exploitation: How the ransomware rapidly encrypts data on systems and on the network.
4. Propagation: How ransomware spreads throughout the network, infecting other systems in the organization.
Security point products alone have not been effective at blocking the steps in the Kill Chain. WannaCry, the most insidious and successful strain of ransomware to date, infected over 200,000 systems across 150 countries in only 4 days. Yet, every organization infected had network firewalls, anti-virus or endpoint security products protecting them. Security point products each have a sphere of influence and there is little overlap between the different spheres.
Today’s ransomware is very sophisticated and understands these gaps between spheres of influence and takes advantage of the gaps to easily infiltrate an organization. A more holistic solution is needed to better overlap and reduce these gaps to break the kill chain.
Look for the next dedicated blog post to learn about how Sangfor’s Total Protection Against Ransomware solution stops each step in the ransomware kill chain.