Current Wave of Ransomware

Today, ransomware like Cryptolocker is hitting organizations around the globe. At Check Point, we can help prevent these ransomware attacks through a multi-layered approach to security.

The current round of ransomware is coming in through two different methods: via malicious ads and via phishing links in e-mail. A common thread in both methods of attack is the use of sites protected by SSL/TLS. Most of the cyber criminals are using HTTPS-encrypted sites to infect computers with ransomware. This means that, in order to protect your organization against these types of threats, it is vital that HTTPS inspection is enabled on your gateway. Before enabling it, you should ensure that there is sufficient capacity on your gateway to handle the additional work of HTTPS inspection. With HTTPS inspection enabled, Check Point’s multi-layered security controls can inspect inside SSL/TLS encrypted communications and prevent ransomware.

The malicious ads technique used by these cyber criminals can in most cases be prevented by enabling and updating Check Point IPS signatures and ensuring that the CPAI-2015-0002 (Angler Landing Page) signature is set to prevent. The Angler exploit kit is a commonly used method of infecting a PC and installing all kinds of malware, including ransomware. This method, however, is not the most common. Currently, the most widespread way of infecting PCs with Cryptolocker is via phishing e-mails.

For more information on these attacks and how to protect against them, please view our solution brief.