Over the last few weeks alone we have seen a high-profile case of three US hospitals under attack, and software such as the remote control tool TeamViewer, which claims one billion downloads, being used as a ransomware attack vector. The Los Angeles Times has deemed 2016 the year of ransomware.
We on the ThreatSTOP security research team work diligently to protect our customers from ransomware attacks. Over the past several weeks we have introduced and updated our ThreatSTOP Shield service and ThreatSTOP DNS Firewall with thousands of indicators related to new ransomware events.
To make it easier for ThreatSTOP customers to consume this information directly, and better protect their networks and users, we have gone a step further and added two new target lists to our system, which are available in Expert mode:
These ransomware targets are manually curated by our security research team, and manually validated data about distribution sites and C&C servers will be shared with our customers via those lists.
We have also updated several of our synthetic target lists to accommodate this addition and to make it easier for our customers to consume the data:
Note – we only block C&Cs and distribution sites for ransomware, and do not block payment sites.
We highly recommend current customers update their policies and include these targets in them to immediately increase their protection from the growing number of ransomware attacks.