<span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text" ><p><img class="alignnone size-full wp-image-1676" src="http://cdn2.hubspot.net/hubfs/2548414/Imported_Blog_Media/hires.jpg" alt="HiRes" width="5000" height="5000">Those of you who follow cybersecurity news in general and our blog in particular have likely noticed a rise in the&nbsp;number of ransomware-related events.</p> <!--more--><p>Over the last few weeks alone we seen a high-profile case of <a href="http://www.bbc.com/news/technology-35880610">three US hospitals under attack</a>, and software such as remote control tool <a href="https://blog.knowbe4.com/teamviewer-denies-it-is-ransomware-infection-vector">TeamViewer</a>, which claims one billion downloads, being used as a ransomware attack vector. The <em>Los Angeles Times</em> has deemed 2016 the <a href="http://www.latimes.com/business/hiltzik/la-fi-mh-2016-is-the-year-of-ransomware-20160308-column.html">year of ransomware</a>.</p> <p>We on the ThreatSTOP security research team work diligently to protect our customers from ransomware attacks. Over the past several weeks we have introduced and updated our ThreatSTOP Shield service and ThreatSTOP DNS Firewall with thousands of indicators related to new ransomware events.</p> <p>To make it easier for ThreatSTOP customers to consume this information directly, and better protect their networks and users, we had gone a step further and added two new target lists to our system which are available in Expert mode:</p> <ul> <li>TSCritical Ransomware</li> <li>TSCritical Ransomware domains (for ThreatSTOP DNS firewall clients only)</li> </ul> <p>These ransomware targets are manually curated by our security research team, and manually validated data about distribution sites and C&amp;Cs servers will be shared with our customers via those lists.</p> <p>We have also updated several of our synthetic target lists to accommodate this addition and to make it easier for our customers to consume the data:</p> <ul> <li>CRYPTO (for all of our customers) and CRYPTO-Domains &nbsp;(for DNS firewall clients only) have been upgraded with the TSCritical Ransomware data as well as the ransomware tracker data from ch (Thanks for the great work guys!)</li> <li>BOTNETS, BOTNETS-RU (for all of our customers) and BOTNETS-Domains (for DNS firewall clients only) are now consuming the TSCritial Ransomware and the CRYPTO data as well. These targets are available in basic mode, and if you already have them in your policy, you are automatically protected.</li> </ul> <p><strong>Note</strong> – we only block C&amp;Cs and distribution sites for ransomware, and do not block payments sites.</p> <p>We highly recommend current customers update their policies and include these targets in them to immediately increase their protection from the growing number of ransomware attacks.</p> <p>&nbsp;</p></span>
![When Good IPs Behave Badly - like 146.88.240[.]4](https://www.threatstop.com/hs-fs/hubfs/orisitv2.png?width=600&name=orisitv2.png)