$325 million business called CryptoWall

Last year's trending ransomware was called CryptoWall, and it took in an estimated $325 million of "business" in that single year. How many legal business ideas can generate that amount of income that quickly? In business terms, it operated in 58 countries, had 1,331 distributors, used 7,242 different product samples, and had over 400,000 infected customers.

So what can we all learn from this single family of malware? Your environment needs to be protected against every one of those 7,000-plus samples, and that simply cannot be done by relying on the traditional antivirus signatures of any antivirus vendor in the world. How, then, can we protect ourselves? The most common approaches are to just pay the ransom, or to restore from backup and hope that lightning doesn't strike twice in the same place.

But if you don't want to rely on luck alone, we should do something. By that I mean looking at behaviour and reputation, which are what those outcomes depend on. You don't make business decisions without knowing what is most likely going to happen, do you?

If I told you I can offer a solution that solves this problem, would you be interested? I'm talking about McAfee Threat Intelligence Exchange (TIE), a unique solution from Intel Security. With TIE you see every file in your environment, look up or assign a reputation for each one, and that reputation is shared with all of your devices and with your other security solutions in real time. You can decide that only trusted files may run on a device or on a group of devices. A traditional signature-based antivirus solution blocks only known-malicious files; when a file is unknown, it lets it run. With TIE you decide what is good for you. Note that such a default-deny policy also blocks unknown but legitimate files (a freshly released update, for instance) until someone assigns them a reputation, so it needs a process for handling those.

It doesn't have to stop there. Instead of only building a wall around your infrastructure, you can start hunting. With our Active Response you can, regardless of file type or delivery vehicle, ask for example whether any other device has that same malicious file, or whether any other device has tried to contact the same IP address. You can also monitor all network activity generated at the system level (host flows). That is a critical capability, because attackers increasingly abuse the Domain Name System (DNS), which, as you know, is basically your business's phone book.
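To make the two ideas above concrete, here is an added example (my own illustration, not McAfee/Intel Security code and not the TIE or Active Response API) showing both the reputation-based execution decision from the previous paragraph and the hunting pivots from this one. The reputation store, the host file inventory, the host flow records, the host names and the IP addresses are all constructed for the demo; the hashes are simply SHA-256 digests of constructed byte strings.

```python
import hashlib
from dataclasses import dataclass
from enum import Enum


class Reputation(Enum):
    KNOWN_TRUSTED = "trusted"
    KNOWN_MALICIOUS = "malicious"
    UNKNOWN = "unknown"


class ReputationStore:
    """Shared file-reputation table keyed by SHA-256 (hypothetical stand-in
    for a reputation server; any hash not in the table is UNKNOWN)."""

    def __init__(self):
        self._rep = {}

    def set(self, sha256, rep):
        self._rep[sha256] = rep

    def lookup(self, sha256):
        return self._rep.get(sha256, Reputation.UNKNOWN)


def allow_execution(store, sha256, block_unknown=True):
    """Execution decision for one file.

    block_unknown=True  -> reputation allowlist: only KNOWN_TRUSTED may run.
    block_unknown=False -> signature-style behaviour: only KNOWN_MALICIOUS is
                           blocked, so a never-seen sample is allowed to run.
    """
    rep = store.lookup(sha256)
    if rep is Reputation.KNOWN_MALICIOUS:
        return False
    if rep is Reputation.KNOWN_TRUSTED:
        return True
    return not block_unknown


@dataclass(frozen=True)
class FileRecord:        # one file observed on one host
    host: str
    path: str
    sha256: str


@dataclass(frozen=True)
class FlowRecord:        # one host-level network flow (host flow)
    host: str
    dst_ip: str
    dst_port: int


def hunt_hash(files, sha256):
    """Hosts on which a file with this hash has been seen."""
    return sorted({f.host for f in files if f.sha256 == sha256})


def hunt_ip(flows, dst_ip):
    """Hosts that have contacted this destination IP."""
    return sorted({f.host for f in flows if f.dst_ip == dst_ip})


def pivot_from_hash(files, flows, sha256):
    """Two-hop hunt: hosts with the file -> IPs those hosts contacted ->
    other hosts that contacted the same IPs but do not (yet) have the file."""
    infected = set(hunt_hash(files, sha256))
    suspect_ips = {f.dst_ip for f in flows if f.host in infected}
    by_network = {f.host for f in flows if f.dst_ip in suspect_ips}
    return sorted(by_network - infected)


# Constructed sample data (not real malware hashes, hosts or infrastructure).
SAMPLE = hashlib.sha256(b"constructed: ransomware dropper").hexdigest()
TRUSTED = hashlib.sha256(b"constructed: signed vendor agent").hexdigest()
NEW_UNKNOWN = hashlib.sha256(b"constructed: never-seen packed binary").hexdigest()

STORE = ReputationStore()
STORE.set(SAMPLE, Reputation.KNOWN_MALICIOUS)
STORE.set(TRUSTED, Reputation.KNOWN_TRUSTED)

FILES = [
    FileRecord("ws-01", r"C:\Users\a\AppData\Local\Temp\inv.exe", SAMPLE),
    FileRecord("ws-07", r"C:\Users\b\Downloads\invoice.exe", SAMPLE),
    FileRecord("ws-07", r"C:\Program Files\Vendor\agent.exe", TRUSTED),
    FileRecord("ws-12", r"C:\Users\c\Downloads\update.exe", NEW_UNKNOWN),
]
FLOWS = [
    FlowRecord("ws-01", "198.51.100.23", 443),
    FlowRecord("ws-07", "198.51.100.23", 443),
    FlowRecord("ws-07", "203.0.113.9", 80),
    FlowRecord("ws-12", "203.0.113.9", 80),   # same IP, no known sample yet
    FlowRecord("ws-03", "192.0.2.10", 443),   # unrelated traffic
]


def run_demo():
    return {
        "sample_runs_allowlist": allow_execution(STORE, SAMPLE),
        "unknown_runs_allowlist": allow_execution(STORE, NEW_UNKNOWN),
        "unknown_runs_signature_only": allow_execution(STORE, NEW_UNKNOWN, block_unknown=False),
        "hosts_with_sample": hunt_hash(FILES, SAMPLE),
        "hosts_contacting_c2": hunt_ip(FLOWS, "203.0.113.9"),
        "pivot_new_suspects": pivot_from_hash(FILES, FLOWS, SAMPLE),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

The point of `pivot_from_hash` is that ws-12 never matched the file hash at all; it only shows up because it talked to the same address as the hosts that did. That is the hunt the paragraph describes: start from a file, pivot through network activity, and find machines a hash-only search would miss.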

All of this, and much more, can be done from a single management console by one person, without necessarily having to buy an expensive sandboxing or security event management (SIEM) solution.

So why not stop relying on luck, and let's do something about it together?

More articles by Sami Toivonen