Ransomware Overview
1. February 2016 Intel Security 1
Sales Brief
Customer Challenge
Hardly a day goes by without news of another emerging threat causing a security breach or privacy
violation. Businesses must find a way to neutralize all of these threats. One of the most common and
damaging threats targeting business today is crypto-ransomware. The term ransom means the
practice of holding a prisoner or item to extort money or property to secure their release, or it may refer
to the sum of money involved.
Ransomware is a type of malware that encrypts a victim’s files and subsequently demands payment in
return for the key that can decrypt said files. These files may contain various types of information, such
as important financial data, business records, databases, and personal files that may hold sentimental
value to the victim, such as photos and home movies. Once these files are identified, the malware will
encrypt them using a key known only by the attackers. In order to acquire this key to decrypt these
files, the victim must pay a ransom to the attackers, often in the form of electronic currency, such as
bitcoin.
Ransomware is one of today’s biggest security threats, and McAfee Labs saw a massive rise in
new, unique ransomware in 2015. In 2015, we saw more unique ransomware binaries than we had
seen in the previous 4 years.
CryptoWall ransomware cost users/businesses $325 million in 2015 (Cyber Threat Report)
66% of the CryptoWall infections occurred from phishing emails
The cost of individual ransoms ranges from $300 to $17,000 per incident
Recent news on ransomware:
o LA Hospital Servers Shut Down By Ransomware
o Hospital's Ransomware Attack Highlights Importance of Strong Endpoint Protection
o Security Experts: You Should Never Pay Ransomware Hackers
Call Topics - Combatting Ransomware
The goal is to use the recent publicity about ransomware threats as a reason to call your customers or
prospects to have a discussion about how Intel Security can help them with these pervasive attacks.
Use this as an opportunity to be your customer’s #1 security advisor by suggesting ways they can
optimize their existing solutions to protect themselves or suggest additional technologies to fortify their
defenses against these types of attacks.
1. Topics for Conversation
Intel Security Labs have seen a sharp spike in ransomware/cryptomalware activity in 2015.
More new unique samples were seen in 2015 than in the previous 4 years combined.
Did you know that ransomware cost users/businesses $325 million in 2015?
Question: How aware are you of ransomware and cryptomalware attacks?
We have seen many organizations in various industries across all regions targeted; they thought they
would be protected against these threats; however, with the highly targeted nature of these attacks,
traditional standalone defenses are struggling – we have been called in to help many organizations.
Did you know 66% of the CryptoWall infections occurred from phishing emails?
Question: What are you currently seeing in your organization around cryptomalware or ransomware
attacks?
Organizations can’t rely on traditional defenses alone – Signatures and even reputation are not enough
to combat these targeted attacks
Because of these attacks we have been running tests on the effectiveness of various
Countermeasures/Protections against these attacks and we want to share this info with your customers
We have a Ransomware prevention document that outlines how our different technologies can help
prevent these attacks.
Question: Can I send that to you?
Intel tested various defenses
Current AV alone – 63% detection
Sandboxing alone – 65% detection
Gateway Anti-Malware engine – 95% detection
Multiple engines – 99.96% (confirmed by AV test)
Customer Opportunities
To prevent ransomware attacks, organizations today need advanced defenses at many different layers,
from endpoint to gateway protection. Intel Security believes that, in order to efficiently filter, monitor,
detect, and block these advanced threats, organizations need a collaborative environment that can
protect against, detect and correct ransomware outbreaks.
For existing endpoint customers using existing endpoint security products, offer these solutions:
TIE/ATD – ATD will detect new variants of ransomware; TIE/DXL will immediately
inoculate endpoints that may be targets.
Network Security Platform – NSP has signatures in its default policies to detect ransomware
Web Gateway – Use to stop the spam and phishing that ransomware uses; use Gateway Anti-malware
(GAM) inspection to stop ransomware before it gets to the endpoints
Engage with our Professional Service team
o For existing customers:
1. Our Incident Response team can come in to diagnose and contain the breach
Emergency Incident Response Services or Forensic Investigative Service offerings
2. Our Education team can train staff on skills to tighten up security posture
Forensics & Incident Response (FIRE) educational course
3. Our Solution Services team can determine why existing products did not detect,
assess the current environment and offer recommendations on future solutions
4. Utilize our Managed Services team to augment existing staff, if needed.
o For net new customers:
1. All the same, except in #3 our Solution Services team can design and architect a
new Intel Security solution.
Qualifying Questions to Ask
How aware are you of ransomware and cryptomalware attacks?
What are you currently seeing in your organization around cryptomalware or ransomware attacks?
Has your organization ever been impacted by these types of attacks? If so, how did you respond?
What are your concerns currently with this style of attack?
How are you currently protecting against these attacks?
Customer Assets Available
Solution Brief - Defeat Ransomware: Ensure Your Data Is Not Taken Hostage – Four-page
solution brief outlining what ransomware is and how some (not all) Intel Security solutions
help to protect against ransomware
Blog - Advice for Unfastening CryptoLocker Ransomware – Detailed article on what a customer
should do after a ransomware attack
Knowledgebase Article - Protecting against Cryptolocker, CryptoWall & Teslacrypt –
Knowledgebase article on how to configure VSE and HIPS to provide protection against
ransomware
McAfee Labs Threat Report – Ransomware Returns: New Families Emerge with a Vengeance –
In this issue of the McAfee Threat Report there is an article on ransomware, page 14.