Cisco Ransomware Defense
Prevent and respond to attacks across a range of critical control points
Stop ransomware attacks
Ransomware penetrates organizations in multiple ways, so fighting it requires a multi-front strategy. Cisco protects against ransomware with an integrated platform approach across a breadth of critical control points backed by best-in-class threat intelligence and research from Talos.
Kaseya Ransomware attack
Get ongoing updates about the Kaseya VSA supply-chain attack targeting Managed Service Providers (MSPs) from our Talos team.
Kaseya’s current advice: “IMMEDIATELY shutdown your VSA server.”
Stop Zero-Day Ransomware
This demo video shows how Cisco Secure Endpoint defeats zero-day ransomware attacks with its Malicious Activity Protection technology.
Quick prevention
Ransomware protection works best if it is intelligence-driven to fight threats on multiple fronts. This requires a platform-based approach such as Cisco SecureX, delivering broad visibility across critical control points to detect and protect fast and at scale.
Email ransomware protection
Cisco Secure Email blocks ransomware delivered through spam and phishing emails. It even identifies malicious attachments and URLs.
Web ransomware protection
Most ransomware attacks use DNS. Cisco Umbrella provides a fast and easy way to improve your security. It helps improve security visibility, detects compromised systems, and protects your users on and off the network by stopping threats over any port or protocol before they reach your network or endpoints.
Endpoint ransomware protection
Cisco Secure Endpoint never stops monitoring all endpoint activity, so it sees ransomware as it unfolds—then rapidly terminates offending processes, prevents endpoint encryption, and stops the ransomware attack in its tracks.
Ransomware investigation and response
Cisco SecureX is a cloud-native, built-in platform that connects our Cisco Secure portfolio and your infrastructure. It allows you to radically reduce dwell time and human-powered tasks.
Cisco Talos Incident Response has developed a ransomware plan of action (PoA) specifically for incident response, which has been tested and validated in multiple compromised environments. Utilize the full suite of proactive and emergency services to help you be prepared to respond quickly and efficiently during your incident.
Network ransomware protection
Cisco Secure Network Analytics delivers an agentless network detection and response solution that monitors your network traffic and sees when something anomalous occurs—like a ransomware infection. Using multilayer machine learning and entity modeling to detect ransomware, you will be able to quickly accelerate your response to stop ransomware attacks.
What Is Ransomware?
Ransomware is a type of malicious software or malware. It encrypts a victim's data, after which the attacker demands a ransom. Once the ransom is paid, the attacker sends a decryption key to restore access to the victim's data. The ransom can range from a few hundred dollars to millions of dollars. Typically, payment is demanded in the form of a cryptocurrency, such as Bitcoin.
How does a ransomware attack work?
Ransomware is typically distributed through a few main avenues. These include email phishing, malvertising (malicious advertising), social engineering, and exploit kits. After ransomware is distributed, it encrypts selected files and notifies the victim of the required payment.
Mitigate Risk to Recover Faster: Inside Cisco Talos Threat Hunters
Timing is everything when it comes to threat detection and response. See how Cisco Talos Threat Hunters work around the clock to detect threats like ransomware and help businesses recover.
Ways to protect yourself from ransomware
Back up all your data
Make sure you have an enterprise data backup solution that can scale and won't experience bottlenecks when the time comes. In the event of an attack you can power down the endpoint, reimage it, and reinstall your current backup. You will have all your data and prevent the ransomware from spreading to other systems.
Patch your systems
Make a habit of updating your software regularly. Patching commonly exploited third-party software will foil many attacks. If possible, turn on automatic patching.
Enable multi-factor authentication
The weakest link in the security chain is usually human. Educate your users about whom and what to trust. Teach them to not fall for phishing or other schemes.
Protect your network
Take a layered approach, with security infused from the endpoint to email to the DNS layer. Use technologies such as a next-generation firewall or an intrusion prevention system (IPS).
Segment network access
Limit the resources that an attacker can access. By dynamically controlling access to resources based on sensitivity, like confidential or critical data, you help ensure that your entire network is not compromised in a single attack.
Keep a close eye on network activity
Being able to see everything happening across your network and data center can help you uncover attacks that bypass the perimeter. Deploy a demilitarized zone (DMZ) subnetwork or add a layer of security to your local area network (LAN). Leverage a security platform to effectively bring all the information together to triage, analyze, and respond quickly.
Prevent initial infiltration
Most ransomware infections occur through an email attachment or malicious download. Diligently block malicious websites, emails, and attachments through a layered security approach and a company-sanctioned file-sharing program.
Arm your endpoints
Antivirus solutions on your endpoints don't suffice anymore. Set up privileges so they perform tasks such as granting the appropriate network access or user permissions to endpoints. Two-factor authentication will also help.
Gain real-time threat intelligence
Know your enemy. Take advantage of threat intelligence from organizations such as Talos to understand the latest security information and become aware of emerging cybersecurity threats.
Engage with incident response specialists
Incident response teams provide a full suite of proactive and emergency services to help you prepare for, respond to, and recover from a breach.