Ransomware is malware that covertly installs itself on a victim's computer, encrypts data and demands a
ransom payment to decrypt the data or to refrain from publishing sensitive data. Payment is typically
requested in digital currency.
How Cisco Umbrella blocks ransomware
Indicators for Umbrella’s ransomware category are derived from multiple sources, including the spike
rank model, which detects domains with sudden spikes in traffic, domain generation algorithms (DGA) and
command and control activity. In addition, our industry-renowned researchers are constantly finding new ways
to uncover fingerprints that attackers leave behind and actively searching for new ransomware variants. When
ransomware is detected, Cisco Umbrella will block at the IP and domain level as well as analyze risky
domains in the Intelligent Proxy.
How our intelligence works
There are three key factors that make up our unparalleled threat intelligence: data, security
researchers, and statistical and machine learning models. Umbrella resolves over 175 billion DNS requests
daily, far more than any other security vendor, giving our researchers a unique view of the internet to
identify threat trends faster. In addition, our industry-renowned researchers are constantly
finding new ways to uncover fingerprints that attackers leave behind and building new statistical and
machine learning models to automatically classify our massive amounts of data.