
What is Ransomware Protection?


Ransomware protection consists of the tools, technologies, and strategies employed to prevent cyber criminals from delivering and executing malicious software that coerces businesses into paying a fee, usually in cryptocurrency, to regain access to their data, infrastructure, and network.

For over 30 years, cybercriminals have been leveraging ransomware to threaten and extort businesses for potentially massive profits, but it became a widely used attack method in 2015. By June of that year, a strain of ransomware called CryptoWall had accrued more than $18 million, according to the U.S. Federal Bureau of Investigation (FBI). Ransomware continues to dominate headlines worldwide, as legacy protection strategies haven’t been able to cope with cybercriminals’ ever-evolving tactics.

Today’s approaches to ransomware protection are not only highly effective but also easy to deploy. Adequate ransomware protection begins with adopting a modern security posture, one that’s natively built in the cloud to protect users, applications, and sensitive data from these attacks.

To keep up with today’s most common threats, a proper ransomware protection strategy must incorporate the following principles and tools to prevent these attacks from negatively impacting one’s network or infrastructure:

  • Use an AI-driven sandbox quarantine to hold and inspect suspicious content
  • Inspect all SSL/TLS-encrypted traffic
  • Implement always-on protection by following off-network connections

Modern solutions, paired with the emerging and necessary philosophy of preventing ransomware attacks before they happen, are now widely regarded as the most effective ransomware protection model—which we’ll take a closer look at below.


Ransomware protection with AI-driven sandbox quarantine

Today’s ransomware attacks are uniquely crafted for their intended targets, which means preventing them requires the ability to detect and thwart never-before-seen, zero-day threats before they can cause harm. Outdated approaches to ransomware protection rely on out-of-band malware analysis that passes unknown files to the user while they are still being analyzed. Such “passthrough” approaches send an alert if the file is later found to be malicious, but by that time it has already reached its target, creating a significant risk of infection.

With an AI-driven sandbox quarantine built on a cloud-native proxy architecture, files can be quarantined and fully analyzed before delivery, virtually eliminating the risk of patient-zero infections. In contrast to legacy passthrough approaches, suspicious or never-before-seen files are guaranteed to be held for analysis and will not reach your environment.

Moreover, a cloud-native, AI-driven solution like Zscaler Cloud Sandbox delivers additional benefits including:

  • Complete control over quarantine actions with a granular policy defined by groups, users, and content type
  • Real-time security verdicts on unknown files powered by machine learning and the Zscaler Zero Trust Exchange—the world’s largest security platform built for the cloud
  • Fast, secure file downloads, while any identified as malicious are marked for quarantine

Essentially, Zscaler Cloud Sandbox prevents ransomware by ensuring that unrecognized or malicious files never make it to your network.
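To make the hold-versus-passthrough distinction concrete, here is an added illustration (not Zscaler’s code) of a quarantine gate that applies a hold policy keyed by group and content type, as the section describes. The policy table, the `stub_sandbox` verdict function and the sample downloads are constructed for this example.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Download:
    user: str
    group: str
    content_type: str
    data: bytes


# Hypothetical hold policy keyed by (group, content type); "*" means any group.
# Unknown files matching a rule are quarantined until analysis completes.
HOLD_POLICY = {
    ("*", "application/x-msdownload"): True,
    ("*", "application/zip"): True,
    ("finance", "application/pdf"): True,
}


def must_hold(group, content_type):
    return bool(HOLD_POLICY.get((group, content_type))
                or HOLD_POLICY.get(("*", content_type)))


def stub_sandbox(data):
    # Constructed stand-in for dynamic analysis: flags a marker string.
    return "malicious" if b"MALICIOUS-MARKER" in data else "benign"


class QuarantineGate:
    def __init__(self, sandbox, passthrough=False):
        self.sandbox = sandbox
        self.passthrough = passthrough
        self.verdicts = {}      # sha256 -> verdict for files already analysed
        self.late_alerts = []   # passthrough mode: verdicts that arrived after delivery

    def decide(self, dl):
        digest = hashlib.sha256(dl.data).hexdigest()
        known = self.verdicts.get(digest)
        if known is not None:
            return "block" if known == "malicious" else "deliver"
        if not must_hold(dl.group, dl.content_type):
            return "deliver"
        verdict = self.sandbox(dl.data)
        self.verdicts[digest] = verdict
        if self.passthrough:
            # Legacy behaviour: the file was already sent while analysis ran,
            # so a malicious verdict can only raise an alert after the fact.
            if verdict == "malicious":
                self.late_alerts.append((dl.user, digest))
            return "deliver"
        # Hold-then-deliver: nothing reaches the user before the verdict.
        return "block" if verdict == "malicious" else "deliver"
```

In passthrough mode the first request for an unknown malicious file is delivered and only a late alert records the patient-zero event; in hold mode the same request is blocked outright.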


Ransomware protection by inspecting all encrypted traffic

Up to 90 percent of all internet traffic is now encrypted. Attackers have been taking notes and are now leveraging encryption to hide their attacks, including ransomware. Therefore, comprehensive ransomware protection must inspect all encrypted traffic to reduce risk. That said, full SSL inspection can be challenging with legacy technologies. The process of decrypting, inspecting, and re-encrypting traffic is compute-intensive and most appliances, such as next-generation firewalls, do not have the processing power to handle it without bringing performance to a standstill. Moreover, it doesn’t matter if it’s an appliance or VM in the cloud; either type of solution takes a performance hit when inspecting SSL traffic.

So, what can keep up with the demands of top-to-bottom SSL/TLS inspection?

A cloud-native proxy architecture, like Zscaler’s, allows organizations to perform complete SSL inspection at scale without impacting performance and without the need to expand the processing capacity of costly appliances. Using a global cloud distributed across more than 150 data centers on six continents, SSL traffic can be thoroughly inspected for hidden ransomware threats with no dips in performance—even if user bandwidth dramatically increases. 

All of this combines to eliminate any security gaps caused by the difficulty of analyzing ransomware hidden in encrypted traffic.


Ransomware protection by following off-network connections

Always-on security is another challenge organizations struggle with when it comes to ransomware. By today’s standards, always-on security means extending your corporate security policies to keep your network safe even as users drop off VPN, use personal devices, and connect via home or public Wi-Fi networks. Enterprises relying on legacy approaches tied to their data centers and regional gateways cannot have their security policies follow users off-network, allowing attackers to deliver ransomware to users they know are operating outside of those security controls.

Fortunately, Zscaler can deliver the first two ransomware protection strategies mentioned above (AI-driven sandbox quarantine and complete SSL inspection) to users regardless of their location and the device being used. Every connection over any network gets identical protection to uncover and thwart both known and unknown threats, keeping your organization free from patient-zero ransomware infections. 

This approach to preventing ransomware starts with user connections being secured through the Zscaler Zero Trust Exchange. Off-net users simply add Zscaler Client Connector, our lightweight endpoint agent, to their laptops or mobile devices to get the same security, policy enforcement, and access controls as if they were in your headquarters.


Strengthen your ransomware protection strategy today

As research and headlines show, ransomware isn’t going anywhere. Zscaler has already helped thousands of customers prevent ransomware and countless other security attacks from reaching their networks with unparalleled scalability and superb user experiences.

Here are additional ransomware protection resources for you to consider as part of your overall security strategy: