PhishFry enables organizations of any size to proactively identify, and defend against, potential ransomware threats.
Ransomware is a type of malware whose purpose is to encrypt as much data on a targeted system as possible and then, as its name suggests, provide the means to decrypt the files once a ransom is paid to the hacker. According to the FBI, ransomware payments to hackers went from $24M in 2015 to $1B in 2016. For monetary reasons alone, the problem is not going to go away anytime soon.
Additionally, the ability to launch ransomware attacks is fueled by three main factors. First, ransomware software is neither difficult nor expensive to obtain, and in some cases it can be found for free. Second, the attacks, while often launched by professional criminals, can be launched by relatively unskilled individuals (think of the hacker next door). Third, unless careless mistakes are made, the probability of being caught is almost nil because ransomware payments are always made in cryptocurrency, such as Bitcoin.
This dynamic threat intelligence feed provides network address spaces and domain names that are either suspected of, or confirmed as, being involved with the distribution or command and control of ransomware scripts/code. The network addresses and domains can be used to preemptively block ransomware actors, or used retroactively to enrich and give context to after-the-fact analysis.
PhishFry is in production use by large government and commercial clients across the US and integrates with all the leading firewall and next-generation firewall vendors.