Ransomware has quickly become the most profitable type of malware ever seen, on its way to becoming a $1 billion annual market. It's commonly delivered through exploit kits, malvertising (infected ads on a website that can deliver malware), phishing (fraudulent emails masquerading as trustworthy), or spam campaigns. The actual infection can begin when someone clicks on a link or an attachment in phishing emails. Infections can also happen when users surf to sites with malicious ads that automatically infect computers. Given that ransomware can penetrate organizations in multiple ways, reducing the risk of ransomware infections requires a portfolio-based approach, rather than a single product. Ransomware must be prevented where possible, detected if it gains access to systems and contained to limit damage. Cisco Ransomware Defense calls on the Cisco security architecture to protect businesses using defenses that span from networks to the DNS layer to email to the endpoint. It is backed by industry-leading Talos threat research for the ultimate responsiveness against ransomware. Learn about Cisco Ransomware Defense: http://cisco.com/go/ransomware

1. Recognize the
accelerating threat
2015
Gaining momentum
2016
The “year of the ransom”
NUMBER 3 on the FBI’s
“Hot Topics for 2015” list1
extorted in more than
2400 complaints
to the FBI2
$24 million
$60 millioncampaign
of Angler Exploit Kit thwarted3
6-fold increase
in corporate user targets6
1
U.S. Department of Justice, Federal Bureau of Investigation, 2015 Internet Crime Report, https://pdf.ic3.gov/2015_IC3Report.pdf
2
The Federal Bureau of Investigation, “Ransomware: Latest Cyber Extortion Tool,” April 2016 https://www.fbi.gov/cleveland/press-releases/2016/ransomware-latest-cyber-extortion-tool
3
Talos, Threat Spotlight: Cisco Talos Thwarts Access to Massive International Exploit Kit Generating $60m Annually from Ransomware Alone, October 2015, http://www.talosintelli-
gence.com/angler-exposed/
4
CNN Money, “Cyber-Extortion Losses Skyrocket, Says FBI,” David Fitzpatrick and Drew Griffin, April 2016, http://money.cnn.com/2016/04/15/technology/ransomware-cyber-security/
5
Ibid.
6
Security Week, “History and Statistics of Ransomware,” Kevin Townsend, June 2016, http://www.securityweek.com/history-and-statistics-ransomware
7
Cisco Talos, Threat Spotlight: Cisco Talos Thwarts Access to Massive International Exploit Kit Generating $60m Annually from Ransomware Alone, October 2015, http://www.talosintelli-
gence.com/angler-exposed/
Know the Attack Vectors
Exploit kits are tools used by attackers to distribute malware.
They are often delivered through:
Web servers:
entry points for access
into the network
Web-based apps:
encrypted files spread
through social media and
instant messaging
Malvertising:
drive-by downloads
from an infected site
Email:
phishing messages and
spam with malicious links
or attachments
Infection
Vector
Command
and Control
Encryption
of Files
Request
of Ransom
Frequently
uses the web
and email
Takes control
of targeted
systems
Files become
inaccessible
Owner/company pay the
ransom (bitcoins) to free
the system
Learn More Today
Go to cisco.com/go/ransomware for Cisco’s simple,
open, automated, and effective approach to security.
$209 million
extorted in first 3 months4
$1 BILLION
in profit expected in 20165
Prevent attacks
with an architectural
approach:
One of the largest and most advanced
exploit kits, known as Angler, was used in
targeted malvertising campaigns
Exploitation of 90,000 victims a day for
$30 million annually through nearly
150 proxy servers was stopped
Detect and Disrupt
Ransomware
Cisco Talos disrupts a $60 million
annual ransomware attack7
Protection across DNS layer,
endpoints, email, web, and
network
Secure devices on and off
the network
Be prepared to detect
and contain movement of
malware quickly
Ransomware: The Reality
It’s here, it’s sophisticated—and it’s shifty!
Harm
to reputation
Malware with a hefty price tag.
Loss of
sensitive,
proprietary data
Disruption
Financial
losses