Icon Close country selection
Back to the list
A10 Networks

A10 Networks Thunder SSL Insight effective protection against ransomware


Ransomware is one of the most terrifying possibilities in the modern threat landscape. This is a specialized form of malicious attacks that first forces victims to encrypt files and then demand payment for a decryption key to restore access to data. In addition to costs ranging from several hundred to several million dollars, organizations are exposed to problems related to the inaccessibility of files. Even if the request is paid, the victim has no guarantee that the promised key will be delivered. Ransomware blocks access to data, which makes it a much greater threat than simple file theft. This clearly shows that protection against ransomware should be a priority in every company's cybersecurity.



Ransomware attacks everyone
In 2022, many organizations have been attacked by malware. Enterprises from almost every economic sector fell victim to it. Here are the most spectacular ransomware attacks in the past year:

  • Attack on government units in Costa Rica

In May, Costa Rican President Rodrigo Chaves declared a state of emergency in the country due to the Conti ransomware that attacked numerous public institutions, including the Ministry of Finance, Ministry of Science and the Costa Rican Social Security Fund.

  • Puma Attack (enterprise)

In January, Puma was informed of a ransomware attack on Kronos, a provider of personnel management solutions. More than 6,600 employees' data was compromised and encrypted, but none of it was released. Kronos regained access to this classified information moments after he awarded two years of free Experian Identify Works to affected employees as compensation. The package included i.a. credit monitoring and additional insurance.

  • French hospitals attacked by ransomware

In August, criminals used the LockBit ransomware to exfiltrate data in the French hospital Center Hospitalier Sud Francilien. In response to the unpaid ransom, the hackers released patient data and other medical records. The attack caused disruption in the hospital's operations, and the facility was forced to transfer patients to other centers or even cancel or postpone treatments and operations.
Another French hospital, André Mignot in Versailles, was also targeted in December. As part of maintaining security, the facility was forced to turn off its network. André Mignot reduced the admission of new patients and transferred some of them to other centers.


How do ransomware attacks work?
Ransomware attacks can be initiated in many ways. One of its most common forms is phishing: a user receives an email with a file that appears to be safe and legitimate, and when they open it, malware hijacks the victim's device. It can even gain administrative access through sociometric techniques. In such a situation, ransomware is able to spread from one computer to another and eventually infect the entire network. The most aggressive forms of ransomware, such as Petwrap/Petya, completely bypass the user and hijack devices through existing vulnerabilities.
Once the computer is infected, the malware encrypts all the user's files and forces the system to reboot. This is followed by information about the exploit and the requested ransom, usually in the form of an unidentifiable Bitcoin payment, and about the due date. If the company decides to pay the stated amount, a decryption key will be provided. If not, the data will be permanently encrypted and inaccessible.
Any organization can fall victim to this type of attack. However, ransomware targets are chosen based on factors such as vulnerability, data sensitivity, and the desire to avoid publicity. For example, universities tend to have a low level of protection against ransomware and other threats, while they have a high level of file sharing, which makes them easy targets for phishing attacks. Government organizations or cities have computer systems that rely on critical public services such as law enforcement, emergency response, public transportation, and the judiciary, making lost data recoverable almost immediately. For hospitals and medical facilities, this information can literally be a matter of life and death. In contrast, banks, corporations or law firms may have to pay to avoid being linked to a ransomware attack and have the financial resources to do so.
Ransomware attacks can pose a greater threat than simple data theft. Theft is costly and embarrassing for the victim, but the data remains available to the organization. However, in the event of an attack by this malware, companies lose access to all information and files.
Ransomware continues to evolve in terms of technology and technique. Cybersecurity experts report that there is a convergence of ramsomware with data theft and data exfiltration to create a particularly harmful threat.
Traditional exfiltration is a combination of extortion and data theft. Hackers breach enterprise security and take important information – business data, intellectual property or financial records. The criminals then value the stolen records on the black market and contact the victim to demand payment. Otherwise, the data will be sold. The attackers in this case benefit from the reputational damage, potential regulatory acts, and other effects of disclosing classified information, while still being available to the organization.
Some ransomware variants such as Maze or DopplePaymer have been used to add a data exfiltration threat. If victims are hesitant to pay the ransom, hackers share some of the data to increase the pressure and release the exploit. Combining the loss of reputation resulting from data theft or exfiltration with operational disruption caused by a ransomware attack, this type of attack can be dangerously effective in countering the use of data backups as a defense against ransomware.


How does the A10 protect against ransomware?
Effective protection against ransomware depends on full visibility of encrypted traffic and stopping any stealth attacks at the network edge. A10 Networks Thunder SSL Insight (SSLi) enables SSL decryption and SSL inspection to enhance the effectiveness of your existing security infrastructure and detect ransomware, malware and other exploits hiding in encryption traffic.
If you want to learn more, we encourage you to contact our Business Development Manager who will provide you with all the information.

Contact Us

Bakotech Sp. z o.o.

ul. Drukarska 18/5

30-348 Kraków


Dane firmy

VAT ID 6762466740

REGON 122894922

KRS 0000467615


ph. +48 12 340 90 30


Privacy policy

Subscribe to stay updated

Would you like to stay updated on the current IT and InfoSec news? About BAKOTECH events like webinars, trainings and conferences? Please, leave your e-mail:
Error occured. Please check the form fields and try again.
This address is already in our database.
The subscription has been added. Thank you!
© Bakotech - 2022. All rights reserved

The website uses cookies to deliver services in accordance with the Cookies Policy. You can define the conditions for storing or accessing the cookie mechanism in your browser.

I accept