What is Ransomware?
Ransomware is malicious software, or malware, that encrypts the information on a person’s computer like documents, photos and music. It will not release these files until the user pays a fee – or ransom – to unlock these files and get them back.
Ransomware has quickly become the most profitable type of malware ever seen, on its way to becoming a $1 billion annual market.
It commonly makes its way onto a computer or network through the web or email. On a website, ransomware may infiltrate through infected ads that can deliver malware, known as "malvertising". Users surf sites with malicious ads that automatically download malware or redirect them to exploit kits. In email, ransomware uses phishing or spam messages to gain a foothold. Users merely have to click links in phishing or spam email or open attachments for ransomware to download and call out to its command-and-control server.
Given that ransomware can penetrate organizations in multiple ways, reducing the risk of ransomware infections requires a portfolio-based approach, rather than a single product. Ransomware must be prevented where possible, detected if it gains access to systems and contained to limit damage.
Cisco® Ransomware Defense calls on the Cisco security architecture to protect businesses using defenses that span from networks to the DNS layer to email to the endpoint. It is backed by industry-leading Talos threat research for the ultimate responsiveness against ransomware.