Ransomware protection

There are two main types of ransomware commonly seen today:

• Crypto-ransomware will encrypt files on a computer, essentially 'scrambling' the file contents so that the user can't access it without a decryption key that can correctly 'unscramble' it. A ransom payment is demanded in return for the decryption key
• "Police-themed" ransomware will try to cloak their actions by appearing to be a warning from a local law enforcement authority, supposedly for possessing materials that are illegally downloaded, pornographic or otherwise contraband. The ransom demand is described as "payment of a fine", or similar

Ransomware is one of the most prominent cyber threats today and has attracted attention in the mainstream media in the last few years as major corporations and governments reported being compromised by the threat. Costs of ransomware vary depending on the size of the attacked business and severity of the breach, but recent ransomware attacks’ cost is measured in the millions of dollars to individual businesses.

Financial impacts on the business:

• Disruption in business operations
• Remediation costs
• Potential long-term damage if encrypted data is not recovered
• Amount of ransom paid

Well-prepared organizations use a preventive layer like endpoint protection platforms to block commodity malware threats such as ransomware, which prevents most malicious code execution in the target environment. However, advanced attackers are able to remain undetected by using low and slow attacks, eventually finding a way around the preventive layer. That’s where F‑Secure Rapid Detection & Response comes into picture.

• Broad Context Detection™: flags indications of possible breaches by alerting admins of Tactics, Techniques and Procedures (TTPs) used in targeted attacks from abnormal activity of standard programs to running of unexpected scripts. Some detection may require deeper analysis and guidance by specialized cyber security exports. To address this, the “Elevate to F-Secure” service alerts F-Secure analysts immediately and analysts will have access to the incident data to help you to solve the case.
• F-Secure Security Cloud: F-Secure Labs analysts actively monitor the threat landscape for new threats and research the most effective ways to detect ransomware, which go into updates to the rules used by the databases and analysis systems. The updates then take 60 seconds to replicate across all products connected to the Security Cloud, ensuring that they always have the latest threat intelligence.