sb-eu logo
Story image

CASE STUDY: War on ransomware marching forward with Europol coalition

07 Nov 2017

In 2016, a unique coalition was formed with Europol’s European Cybercrime Centre, Dutch Police, Kaspersky, and Intel security.

Its goal? To address the rapid growth of cybercrime conducted through the use of ransomware, effectively ‘declaring war’.

Deemed the ‘No More Ransomware Coalition’, the group provides a public repository of knowledge and resources to help individuals and organisations fight ransomware.

There is no doubt that action of this kind was desperately needed, as authorities estimated global losses from ransomware in 2016 to be more than $200 billion.

According to the coalition, a key part of its website is an application that analyses user-submitted samples in order to identify particular strains of ransomware.

Furthermore, the site hosts an ever-growing database of decryption keys that may be able to retrieve visitors’ encrypted files without paying ransom, and directs users to the most likely ones to use. This is addition to a number of educational resources in an attempt to equip people with the knowledge necessary to recognise and avoid ransomware.

The coalition was aware that their site would be an instant and irresistible target for cybercriminals, which mean cybersecurity was a key priority. After all, who could resist hacking a site that is designed to prevent them from hacking in the first place?

Consequently, Amazon Web Services (AWS) was chosen to host the site given its extreme agility, flexibility, and excellent baseline security.

Another reason for this choice was the ease of integrating Amazon’s native security with best-of-breed application security using Barracuda Web Application Firewall.

The coalition asserts the decision to use the Barracuda Web Application Firewall proved to be a wise one, as on the day it went live the site hosted more than 2.6 million visitors – substantial not only because of the number but also the fact that they were only expecting around 12,000.

AWS made it easy to adjust resources to meet the unexpected demand—and Barracuda Web Application Firewall automatically scaled to secure additional instances as they spun up—without affecting performance.

And to the surprise of no one, it also came under attack as soon as it was launched. Within days, Barracuda Web Application Firewall had blocked more than 51,000 attacks, ranging from standard DDoS attacks to more exotic and sophisticated attacks on portions of the infrastructure.

The coalition says despite the huge number of legitimate visitors amidst attack requests that go through VPN systems to mask their true nature (more than a million and counting), the site continues to run smoothly and has never been brought down by attackers.

“AWS and Barracuda were both totally dedicated to the project,” says Steven Wilson, head of European Cybercrime Centre Europol.

“Their teams worked together quickly to map out the security controls we would need, and they showed us how easily we could configure those controls using the Barracuda Web Application Firewall.”

At the end of the day, the No More Ransom initiative has been successful in bringing together law enforcement and cybersecurity resources and information to help individuals and organisations around the world fight back.

If you would like to know more, AWS, Barracuda Networks, and Securosis will be hosting a webinar tomorrow to discuss leading-edge application security techniques for creating secure application environments, embedding security into continuous deployment, and scaling security to perfectly fit your operations.

Story image
Training is essential to build cybersecurity awareness
More than ever, businesses need to ensure that all their workers have the right skills and training to protect the business from cybercrime.  More
Story image
LogMeIn report outlines identity management's role in creating business trust
More resources are funnelled into identity and access management (IAM) than any other IT security area.More
Story image
Fortinet resolves to help communities through new Corporate Foundation
“Through the establishment of a Corporate Foundation, we are extending investments in security training and education, employee community engagement and disaster relief efforts to empower and protect our communities, as well as positively impact our business, employees, customers and shareholders.”More
Story image
54% rise in gaming-related cyber attacks recorded in April
Social isolation measures, widely implemented throughout the world during March and April, has been linked to both the increase in engagement for gaming and a corresponding boom in game-related cyber attacks.More
Story image
Keyfactor and Primekey announce partnership to automate PKI
“PrimeKey and Keyfactor share a mutual respect and mission to provide trust and security in zero-trust networks and manufacturing environments.”More
Story image
Attivo Networks raises the stakes against 'Ransomware 2.0'
“Advanced human-controlled ransomware can evade endpoint security controls and after initial compromise, move laterally to cause maximum damage, do data exfiltration and encrypt data."More