July 31, 2019
The recent spate of ransomware attacks is proving wrong a prediction many cybersecurity professionals made. Ransomware is not dead, as the past few months’ headlines prove, and many companies are still paying the price.
Unfortunately, not all security solutions are equal. That could be a reason why organizations still succumb to ransomware attacks despite using security software. All is not lost, though: even if your security solution fails to safeguard your network and systems from the threat, you can take a more proactive stance on your defense with the aid of a WHOIS database download. I’ll tell you how in this article. But first, let’s review how a ransomware attack unfolds and how security solutions work against it.
How Ransomware Attacks and Defense Work
Ransomware usually ends up on a system via exploitation. Several variants are injected into insufficiently protected systems using an exploit kit that’s distributed via spam or malicious websites and pages. Each exploit kit typically carries various payloads: cryptocurrency miners, ransomware, and all types of malware. What it drops will depend on the target system’s configuration and weaknesses. Once a vulnerability is found, the system is compromised and the ransomware is executed. Most victims only find out when it’s too late: their files have already been encrypted and they’ve been locked out of their computers. All they’re left with is a ransom note asking them to pay or lose their files for good.
To prevent ransomware from taking hold of systems and their users’ files, security solutions would typically block all known malicious URLs, which are the ransomware’s sources. This is where the problem lies, because cybercriminals are often quicker to the draw than cybersecurity professionals. Some solutions just can’t keep up with the many modifications and enhancements made to the thousands (maybe even millions) of ransomware variants used in attacks to date. So, even if your company has protection installed, it can still end up on the losing end of the battle.
Like I said, however, all hope’s not lost. You can take extra steps to enhance your company’s ransomware defense by using a WHOIS database download. Let me tell you how.
How a WHOIS Database Download Can Beef Up Your Ransomware Protection
Ransomware defense lies in blocking the threat from the source. That means collating a list of all related domains from threat reports and relevant news and making sure no one in your company can access these.
A WHOIS database download contains a comprehensive list of domains, typically amounting to around 6 billion, that spans the entire TLD space (not just commonly used TLDs, but also less commonly seen ccTLDs and newly created gTLDs). It can help you identify all domains that may have ties to the threat even if these aren’t mentioned in your threat intelligence sources. You can then manually add these to your security solution’s list of blocked sites and pages. It may be a tedious process, but then again, would you rather suffer more dire consequences?
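One way to carry out the lookup described above, as an added example that is not part of the original article: starting from domains named in a threat report, it finds other domains in a WHOIS export that share a registrant email or name server, then builds the blocklist. The CSV columns, the sample records and the choice of pivot fields are assumptions; the article does not say how related domains are identified.

```python
import csv
import io

# Constructed sample of a WHOIS database export; column names are assumptions,
# real vendor dumps use their own schema.
WHOIS_CSV = """domainName,registrantEmail,nameServers
pay-decrypt.example,ops@badactor.example,ns1.bulletproof.example|ns2.bulletproof.example
unlock-files.example,ops@badactor.example,ns1.sharedhost.example
invoice-portal.example,billing@other.example,ns1.bulletproof.example
smallshop.example,privacy@whoisproxy.example,ns1.sharedhost.example
cdn-update.example,privacy@whoisproxy.example,ns9.unrelated.example
"""

# Values shared by many unrelated registrants (constructed); pivoting on them over-blocks.
IGNORED_VALUES = {"privacy@whoisproxy.example", "ns1.sharedhost.example"}


def record_keys(row):
    """Return the (field, value) pairs of one WHOIS row usable as pivots."""
    keys = {("email", row["registrantEmail"].strip().lower())}
    for ns in row["nameServers"].split("|"):
        keys.add(("ns", ns.strip().lower()))
    return {k for k in keys if k[1] and k[1] not in IGNORED_VALUES}


def related_domains(whois_csv, seeds):
    """Map each non-seed domain to the pivots it shares with a seed domain."""
    rows = list(csv.DictReader(io.StringIO(whois_csv)))
    seeds = {s.lower() for s in seeds}
    seed_keys = set()
    for row in rows:
        if row["domainName"].lower() in seeds:
            seed_keys |= record_keys(row)
    hits = {}
    for row in rows:
        name = row["domainName"].lower()
        shared = record_keys(row) & seed_keys
        if name not in seeds and shared:
            hits[name] = sorted(shared)
    return hits


def blocklist(whois_csv, seeds):
    """Seeds plus WHOIS-related domains, sorted, one entry per domain."""
    return sorted({s.lower() for s in seeds} | set(related_domains(whois_csv, seeds)))


if __name__ == "__main__":
    print("\n".join(blocklist(WHOIS_CSV, ["pay-decrypt.example"])))
```

The ignore list matters in practice: privacy-proxy contact addresses and the name servers of large hosting providers appear on huge numbers of unrelated registrations, so treating them as ties would put legitimate sites on the blocklist.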
I’ve seen organizations spend millions just to take back control of their systems or get their business back into operation. Some are even unluckier because they have had to close shop. Your company doesn’t have to suffer the same fate.
Securing your virtual holdings should always be your number 1 priority if you want your business to succeed. Though threats like ransomware may come and go, defending your network and assets will always start with blocking them from the source. To make sure you cover all your bases, use a WHOIS database download. It’ll not only give you information on known threat vectors, but also identify unknown potential threat sources.
Alexandre François is Senior Content Manager at www.ipify.org. He is knowledgeable about technologies that permit tracking IP addresses and other relevant data to ensure better cybersecurity protection and marketing campaigns.