Ransomware and other hacker tools have become professionalized and built to standards of quality and usability typical of commercial software, and it is paying off! The Locky ransomware tool alone is estimated to be generating $1.6 million dollars per day in bitcoin revenue for hackers and we are all squarely in the crosshairs.

Stopping malware and ransomware requires a multivector approach called, "defense in depth". One of the key vectors that can be used to detect and disable ransomware is the DNS. As critical backbone infrastructure for the internet, the DNS is used by virtually all applications including ransomware. For example, 91 per cent of ransomware uses DNS for command and control to retrieve an encryption key and provide ransom payment instructions.

CIRA has deployed a DNS firewall delivered as a recursive service located in Canadian IXPs and well peered to the networking communities. This presentation will go into depth on the threat trends impacting organizations and how they can be mitigated by leveraging a global database of DNS information powering a cloud based DNS firewall. We will also be showing how this DNS firewall is deployed, how it protects beyond the network and how it can be used to filter malware sites and inappropriate content within the organization.


Shawn Beaton

Business Development Manager, CIRA