What is ransomware? Ransomware is a type of malware (malicious software) designed to restrict access to a computer system until an amount of money is paid. It can be thought of as “data kidnapping” with the demand that the user pay a ransom to the malware operators in order to unlock or access their hijacked files.
The first phase of a ransomware attack is the initiation. Attackers have multiple ways of initiating an attack. This can be done through phishing techniques, malvertising, or even complex thumbdrive drop tactics. An infection can occur when a user clicks on a link in a phishing email, or when compromised sites or ads redirect them to domains hosting exploit kits. Exploit kits are designed to run on web servers and upload and execute malicious software on a user’s computer system. Exploit kits can be found in email attachments or infected thumbdrives. However, this initiation phase is not the ransomware itself. Once the initiation takes place, there are 5 stages of a ransomware attack: 1. installation, 2. contacting headquarters, 3. handshake and keys, 4. encryption, 5. extortion.
What is OpenDNS and does it block ransomware? OpenDNS is a cloud-based security product that was acquired by Cisco in August of 2015. OpenDNS is a service that extends the Domain Name System (DNS) by adding features such as content filtering and phishing protection. OpenDNS and Cisco have proven to significantly reduce the number of ransomware attacks across organizations. The company’s cloud computing security product consists of OpenDNS Umbrella and Cisco AMP for Endpoints, which are used to protect users from phishing, malware, and other targeted attacks. OpenDNS Umbrella works to protect devices at the DNS layer. It works to block users from web redirects, web links, and C2 callbacks. Cisco AMP (Advanced Malware Protection) for Endpoints, meanwhile, blocks known malware files and email attachments, and detects malware that escapes the initial inspection phase.