Story image

CASE STUDY: War on ransomware marching forward with Europol coalition

07 Nov 2017

In 2016, a unique coalition was formed with Europol’s European Cybercrime Centre, Dutch Police, Kaspersky, and Intel security.

Its goal? To address the rapid growth of cybercrime conducted through the use of ransomware, effectively ‘declaring war’.

Deemed the ‘No More Ransomware Coalition’, the group provides a public repository of knowledge and resources to help individuals and organisations fight ransomware.

There is no doubt that action of this kind was desperately needed, as authorities estimated global losses from ransomware in 2016 to be more than $200 billion.

According to the coalition, a key part of its website is an application that analyses user-submitted samples in order to identify particular strains of ransomware.

Furthermore, the site hosts an ever-growing database of decryption keys that may be able to retrieve visitors’ encrypted files without paying ransom, and directs users to the most likely ones to use. This is addition to a number of educational resources in an attempt to equip people with the knowledge necessary to recognise and avoid ransomware.

The coalition was aware that their site would be an instant and irresistible target for cybercriminals, which mean cybersecurity was a key priority. After all, who could resist hacking a site that is designed to prevent them from hacking in the first place?

Consequently, Amazon Web Services (AWS) was chosen to host the site given its extreme agility, flexibility, and excellent baseline security.

Another reason for this choice was the ease of integrating Amazon’s native security with best-of-breed application security using Barracuda Web Application Firewall.

The coalition asserts the decision to use the Barracuda Web Application Firewall proved to be a wise one, as on the day it went live the site hosted more than 2.6 million visitors – substantial not only because of the number but also the fact that they were only expecting around 12,000.

AWS made it easy to adjust resources to meet the unexpected demand—and Barracuda Web Application Firewall automatically scaled to secure additional instances as they spun up—without affecting performance.

And to the surprise of no one, it also came under attack as soon as it was launched. Within days, Barracuda Web Application Firewall had blocked more than 51,000 attacks, ranging from standard DDoS attacks to more exotic and sophisticated attacks on portions of the infrastructure.

The coalition says despite the huge number of legitimate visitors amidst attack requests that go through VPN systems to mask their true nature (more than a million and counting), the site continues to run smoothly and has never been brought down by attackers.

“AWS and Barracuda were both totally dedicated to the project,” says Steven Wilson, head of European Cybercrime Centre Europol.

“Their teams worked together quickly to map out the security controls we would need, and they showed us how easily we could configure those controls using the Barracuda Web Application Firewall.”

At the end of the day, the No More Ransom initiative has been successful in bringing together law enforcement and cybersecurity resources and information to help individuals and organisations around the world fight back.

If you would like to know more, AWS, Barracuda Networks, and Securosis will be hosting a webinar tomorrow to discuss leading-edge application security techniques for creating secure application environments, embedding security into continuous deployment, and scaling security to perfectly fit your operations.

Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
Facebook fights fake news ahead of Africa elections
“We also show related articles from fact-checkers for more context and notify users if a story they have shared is rated as false.”
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.