The Centripetal Blog

CleanINTERNET: Preventing Ransomware with Intelligence

Posted by Byron Rashed on June 15, 2021

Recently, several high-profile ransomware incidents have affected the country, including Colonial Pipeline, JBS, and FujiFilm. These attacks do not occur in a vacuum; they use known Indicators of Compromise (IOCs) previously published in Cyber Threat Intelligence (CTI). Centripetal’s massive library of CTI contained these indicators for months before the attacks occurred, and attacks that use them can be actively prevented.

Previously Known Indicators

Analyzing the IOCs from the Colonial Pipeline attack shows that the indicators for DarkSide ransomware had been known since early January of 2021, across 53 separate CleanINTERNET intelligence feeds, before the attack was launched. Similarly, the JBS and FujiFilm attacks, which used the REvil/Sodinokibi ransomware, had IOCs published in CTI since January 13th, 2021 across 65 CleanINTERNET intelligence feeds. The intelligence was published by providers including Recorded Future, Proofpoint Emerging Threats, IBM X-Force, ZETAlytics, and more.

The intelligence was known beforehand and malicious actors can be stopped in their tracks.

Proactive Defense with Applied Intelligence

Centripetal actively defends networks by utilizing CTI in a proactive manner. CleanINTERNET uses a custom-built Threat Intelligence Gateway to automatically block malicious indicators as they are published in CTI.

Tags: SecOps