How Ransomware Is Getting Through Your Firewall

Ransomware is on the rise. This shouldn’t surprise anyone, really. But it’s alarming all the same. Bitlocker, Locky, and all the rest are wreaking havoc on our networks, personal lives, and organizations. The fact is, they’re getting through despite your best security. Today I want to talk about why, and how to stop it.

SSL Certificates are used to get malware and ransomware through firewalls and around virus protection.

It may seem counter-intuitive, but ransomware has grown in large part because of how good our security already is. HTTPS traffic is becoming more and more common, and it’s supposed to be a measure of a strong, secure connection from a trusted source. There’s a problem, though: it’s incredibly easy to get an SSL certificate that allows your traffic to be served over HTTPS.

That’s all you need to create a “secure” connection from your site. Less than sixty bucks. Once you have that, you can literally send anything you want using an HTTPS connection, because it’s not being scanned. Sites like poodlecorp even allow you to basically buy a DDoS attack. No need to know how to code or how to write malware. For $55.99 at GoDaddy and $29.99 at poodlecorp, you’re ready to take down a whole plethora of networks. And SME businesses are getting hit the worst. They don’t have the means necessary to detect this traffic.

Unless, of course, you’re using Deep Packet Inspection.

Turning on Deep Packet Inspection (DPI) allows you to monitor HTTPS traffic as if it were just HTTP traffic. That puts the anti-virus, web monitoring, and malware detection services you’ve been paying for on your firewall to even greater use: without DPI turned on and properly configured for your network, those services haven’t been able to look into your HTTPS traffic.

We’ve been working with many of our WatchGuard clients to get this up and running, and it’s been a huge success for them. By rolling it out properly, starting with a small subset of users and growing over time, we’ve been able to monitor the progress and efficiency of the added security.

Because it’s built into the WatchGuard firewall itself, DPI is a great example of how we can further our security through work and dedication, instead of just throwing more money at a solution. And that’s what Network Security is really all about: dedicating yourself to it instead of hoping that this one purchase of software or hardware will fix it. The Scumbags are out there and are trying to get one step ahead of you. Don’t let them.