SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
CASE STUDY: War on ransomware marching forward with Europol coalition
Tue, 7th Nov 2017
FYI, this story is more than a year old

In 2016, a unique coalition was formed with Europol's European Cybercrime Centre, Dutch Police, Kaspersky, and Intel security.

Its goal? To address the rapid growth of cybercrime conducted through the use of ransomware, effectively ‘declaring war'.

Deemed the ‘No More Ransomware Coalition', the group provides a public repository of knowledge and resources to help individuals and organisations fight ransomware.

There is no doubt that action of this kind was desperately needed, as authorities estimated global losses from ransomware in 2016 to be more than $200 billion.

According to the coalition, a key part of its website is an application that analyses user-submitted samples in order to identify particular strains of ransomware.

Furthermore, the site hosts an ever-growing database of decryption keys that may be able to retrieve visitors' encrypted files without paying ransom, and directs users to the most likely ones to use. This is addition to a number of educational resources in an attempt to equip people with the knowledge necessary to recognise and avoid ransomware.

The coalition was aware that their site would be an instant and irresistible target for cybercriminals, which mean cybersecurity was a key priority. After all, who could resist hacking a site that is designed to prevent them from hacking in the first place?

Consequently, Amazon Web Services (AWS) was chosen to host the site given its extreme agility, flexibility, and excellent baseline security.

Another reason for this choice was the ease of integrating Amazon's native security with best-of-breed application security using Barracuda Web Application Firewall.

The coalition asserts the decision to use the Barracuda Web Application Firewall proved to be a wise one, as on the day it went live the site hosted more than 2.6 million visitors – substantial not only because of the number but also the fact that they were only expecting around 12,000.

AWS made it easy to adjust resources to meet the unexpected demand—and Barracuda Web Application Firewall automatically scaled to secure additional instances as they spun up—without affecting performance.

And to the surprise of no one, it also came under attack as soon as it was launched. Within days, Barracuda Web Application Firewall had blocked more than 51,000 attacks, ranging from standard DDoS attacks to more exotic and sophisticated attacks on portions of the infrastructure.

The coalition says despite the huge number of legitimate visitors amidst attack requests that go through VPN systems to mask their true nature (more than a million and counting), the site continues to run smoothly and has never been brought down by attackers.

“AWS and Barracuda were both totally dedicated to the project,” says Steven Wilson, head of European Cybercrime Centre Europol.

“Their teams worked together quickly to map out the security controls we would need, and they showed us how easily we could configure those controls using the Barracuda Web Application Firewall.

At the end of the day, the No More Ransom initiative has been successful in bringing together law enforcement and cybersecurity resources and information to help individuals and organisations around the world fight back.

If you would like to know more, AWS, Barracuda Networks, and Securosis will be hosting a webinar tomorrow to discuss leading-edge application security techniques for creating secure application environments, embedding security into continuous deployment, and scaling security to perfectly fit your operations.