Preventing CryptoLocker with Cisco AMP and OpenDNS

There’s been a recent wave of media coverage about ransomware attacks—and the havoc they’re wreaking. Ransomware like CryptoLocker involves a type of malicious software designed to block access to a computer system until a ransom is paid. The victim receives an email with a file purporting to be from a familiar company.

The Trojan, or virus, runs when the user opens the attached file. CryptoLocker takes advantage of Windows’ default behavior of hiding the extension from file names to disguise the real .exe extension of the malicious file. As soon as the victim runs it, the Trojan goes memory resident on the computer.

How to avoid CryptoLocker:

  • Be wary of emails from senders you don’t know, especially those with files attached.
  • Disabling hidden file extensions in Windows will also help recognize this type of attack.
  • It’s important to have a backup system in place for critical files to help mitigate the damage caused by malware infections as well as hardware problems and any incidents.

But if you do become infected and don’t have a backup copy of your files, it’s still best not to pay the ransom, which is never a good solution.

While preventing infections is the ideal remedy, no vendor can possibly achieve 100% prevention. But with OpenDNS and Cisco, you can significantly reduce the number of ransomware attacks across your organization.

OpenDNS Umbrella

OpenDNS Umbrella is a cloud-delivered network security service that protects any device, no matter where it’s located. OpenDNS Umbrella enforces security at the DNS layer, protecting devices on and off the corporate network. At the point of initial infiltration by the malware, OpenDNS Umbrella block the DNS request before the browser connects to the malicious site—whether the user clicked on a link or there was a redirect from a compromised site. If OpenDNS flagged the exploit or phishing domain as malicious, then Umbrella will block the connection before the compromise occurs. Umbrella also addresses another challenge related to ransomware when an infected device connects to more shared drives and infection spreads across an organization. In this case, Umbrella immediately pinpoints the source of the botnet (the group of computers and devices that are spreading the infection) to mitigate further damage.

OpenDNS uses internet activity patterns derived from 80+ billion DNS requests daily to identify attacked infrastructure being staged for the next threat. Using statistical models developed by its lab team, OpenDNS can automatically discover, classify and even predict the callback destinations used by many types of ransomware.

Cisco Advanced Malware Protection (AMP) for Endpoints

Cisco Advanced Malware Protection (AMP) for Endpoints is a new solution that provides protection against known malware files and uses continuous analysis and retrospective security to detect malware that evades initial inspection. Using a combination of file signatures, file reputation, behavioral indicators, and sandboxing, AMP can stop the initial exploit “kit” from executing on the endpoint. It can also stop the execution of the ransomware file and remove it.

AMP continuously analyzes and records all file activity on a system. If a file behaves suspiciously at a later data, AMP retrospectively detects it and alerts your security team. AMP provides a detailed recorded history of the malware’s behavior over time, including where and how it entered the network, where else it traveled, and what it is doing. Based on a set policy, AMP then automatically contains and remediates the threat, enabling the security team to manually block and remediate it with just a few clicks.

Ransomware is a risk your business can’t afford

To learn more about Cisco AMP and OpenDNS and the best way to protect your IT infrastructure from malware attacks, contact us. Our security experts can advise you on the appropriate steps to take to be proactive. The threat from ransomware is not going away. Fortunately, there are solutions that can help combat it.