
CASE STUDY: War on ransomware marching forward with Europol coalition

07 Nov 17

In 2016, a unique coalition was formed with Europol’s European Cybercrime Centre, Dutch Police, Kaspersky, and Intel Security.

Its goal? To address the rapid growth of cybercrime conducted through the use of ransomware, effectively ‘declaring war’.

Deemed the ‘No More Ransomware Coalition’, the group provides a public repository of knowledge and resources to help individuals and organisations fight ransomware.

There is no doubt that action of this kind was desperately needed, as authorities estimated global losses from ransomware in 2016 to be more than $200 billion.

According to the coalition, a key part of its website is an application that analyses user-submitted samples in order to identify particular strains of ransomware.

Furthermore, the site hosts an ever-growing database of decryption keys that may be able to retrieve visitors’ encrypted files without paying ransom, and directs users to the most likely ones to use. This is in addition to a number of educational resources intended to equip people with the knowledge necessary to recognise and avoid ransomware.

The coalition was aware that its site would be an instant and irresistible target for cybercriminals, which meant cybersecurity was a key priority. After all, who could resist hacking a site that is designed to prevent them from hacking in the first place?

Consequently, Amazon Web Services (AWS) was chosen to host the site given its extreme agility, flexibility, and excellent baseline security.

Another reason for this choice was the ease of integrating Amazon’s native security with best-of-breed application security using Barracuda Web Application Firewall.

The coalition asserts the decision to use the Barracuda Web Application Firewall proved to be a wise one, as on the day it went live the site hosted more than 2.6 million visitors – substantial not only because of the number but also the fact that they were only expecting around 12,000.

AWS made it easy to adjust resources to meet the unexpected demand—and Barracuda Web Application Firewall automatically scaled to secure additional instances as they spun up—without affecting performance.

And to the surprise of no one, it also came under attack as soon as it was launched. Within days, Barracuda Web Application Firewall had blocked more than 51,000 attacks, ranging from standard DDoS attacks to more exotic and sophisticated attacks on portions of the infrastructure.

The coalition says that despite the huge number of legitimate visitors, mixed with attack requests routed through VPN systems to mask their true nature (more than a million and counting), the site continues to run smoothly and has never been brought down by attackers.

“AWS and Barracuda were both totally dedicated to the project,” says Steven Wilson, head of European Cybercrime Centre Europol.

“Their teams worked together quickly to map out the security controls we would need, and they showed us how easily we could configure those controls using the Barracuda Web Application Firewall.”

At the end of the day, the No More Ransom initiative has been successful in bringing together law enforcement and cybersecurity resources and information to help individuals and organisations around the world fight back.

If you would like to know more, AWS, Barracuda Networks, and Securosis will be hosting a webinar tomorrow to discuss leading-edge application security techniques for creating secure application environments, embedding security into continuous deployment, and scaling security to perfectly fit your operations.
