What is Ransomware?

Ransomware is malicious software, or malware, that encrypts the information on a person’s computer like documents, photos and music. It will not release these files until the user pays a fee – or ransom – to unlock these files and get them back.

Ransomware has quickly become the most profitable type of malware ever seen, on its way to becoming a $1 billion annual market.

It commonly makes its way onto a computer or network through the web or email. On a website, ransomware may infiltrate through infected ads that can deliver malware, known as "malvertising". Users surf sites with malicious ads that automatically download malware or redirect them to exploit kits. In email, ransomware uses phishing or spam messages to gain a foothold. Users merely have to click links in phishing or spam email or open attachments for ransomware to download and call out to its command-and-control server.

Given that ransomware can penetrate organizations in multiple ways, reducing the risk of ransomware infections requires a portfolio-based approach, rather than a single product. Ransomware must be prevented where possible, detected if it gains access to systems and contained to limit damage.

Cisco® Ransomware Defense calls on the Cisco security architecture to protect businesses using defenses that span from networks to the DNS layer to email to the endpoint. It is backed by industry-leading Talos threat research for the ultimate responsiveness against ransomware.


Reduce Ransomware Risk

  • Cisco Umbrella protects devices on and off the corporate network. It blocks DNS requests before a device can even connect to malicious sites hosting ransomware.

  • Cisco Advanced Malware Protection (AMP) for Endpoints blocks ransomware files from opening on endpoints.

  • Cisco Email Security with Advanced Malware Protection (AMP) blocks spam and phishing emails and malicious email attachments and URLs. The AMP technology is the same at that applied on the endpoint, but it’s deployed at the email gateway.

  • Cisco Firepower Next-Generation Firewall with Advanced Malware Protection (AMP) and Threat Grid sandboxing technology blocks known threats and command-and-control callbacks while providing dynamic analysis for unknown malware and threats.

  • Cisco ISE via the Cisco network to dynamically segment your network, so access to services and applications stays highly secure and ransomware cannot spread laterally.

  • Cisco Security Services provide immediate triage in the case of incident response. They also streamline deployments of AMP, NGFW, and other solution products.

Learn More about Cisco Ransomware Defense Solutions

Check out the latest Cisco Cybersecurity Report



Comstor is a registered trademark and trademark of Westcon Group, Inc.
© 2016 Westcon Group, Inc. All rights reserved.