<span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text" ><p>Recently ThreatSTOP blocked information delivered by a couple of high-profile content distribution networks (<a href="https://en.wikipedia.org/wiki/Content_delivery_network">CDNs</a>), causing certain content to be unavailable to our customers via social media platforms.</p> <!--more--><p><strong>What Happened</strong></p> <p>We conducted an analysis and had reason to believe that the CDNs, used by services with global reach such as media, social networks, ecommerce and more, were compromised and serving ransomware. Our research team cross-referenced several legitimate sources and received several confirmations that the content was in fact malicious, and this is not the first time that this specific CDN has been compromised.</p> <p>Furthermore, the information distributed by the CDN was not business critical, but rather static content for social media. The block should not have caused any customer outage.</p> <p>We considered the following courses of action:</p> <ul> <li>Block the malicious traffic while attempting to understand the level of risk, thus temporarily impacting our customers’ experience in trying to access several services.</li> <li>Leave it be, allowing the CDN to freely continue to distribute ransomware, potentially exposing our customers, and our customers’ customers.</li> </ul> <p>We made the decision to block the distribution of ransomware, leaving some of our customers unhappy with our decision. Our research team also reached out to the affected CDN, enabling them to remediate the issue. <strong>Less than 24 hours later</strong> we confirmed that the threat was removed and cleared the block, allowing traffic to return to normal.</p> <p><strong>Why ThreatSTOP</strong></p> <p>Our service is intended to protect our customers from being 
infected with malware, and this is exactly what we did (and will continue doing). We made a bold decision to block a very high traffic resource from distributing malware in order to protect our customers from being infected.</p> <p>Anyone who has fallen victim to ransomware will tell you how devastating it is to experience the total loss of data and disruption to ongoing business operations.</p> <p>We apologize for any inconvenience that was caused, and continue to believe we opted for the correct course of action. We will continue to protect our customers from malware going forward.</p> <p>&nbsp;</p> <p style="margin:0;margin-bottom:.0001pt;">Irena Damsky</p> <p style="margin:0;margin-bottom:.0001pt;">Senior Director, Security Research</p></span>