Starting September 27, 2022, Palo Alto Networks will publish URLs into the newly introduced “Ransomware” category, available with content release version 8592 and above.
ACTION: Action will be required. The Ransomware category action is set to “block” only for the default profile. If you have multiple URL Filtering Security profiles, you need to update the default action to BLOCK for each of these profiles.
How is Ransomware defined?
Palo Alto Networks defines Ransomware as websites known to host ransomware or malicious traffic involved in conducting ransomware campaigns that generally threaten to publish private data or keep access to specific data or systems blocked, usually by encrypting it, until the demanded ransom is paid.
Will the “Ransomware” category be visible across all PAN-OS versions?
Yes, the ransomware category will be visible across all PAN-OS releases.
What is the recommended action for the “Ransomware” category?
As with the command-and-control (C2) and malware categories, ransomware attacks pose a serious threat to users and businesses. Palo Alto Networks therefore recommends that customers keep the default action for this category set to “BLOCK”.
Note: The ransomware category action is set to “block” only for the default profile.
ACTION: If you have multiple URL Filtering security profiles, you need to update the default action to “BLOCK” for each of these profiles. This applies to all versions of PAN-OS software.
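To find the profiles that still need this change, the check below reads an exported configuration and lists every URL Filtering profile whose site-access action for the category is not block. It is an added example, not Palo Alto Networks code; the XML layout (profiles/url-filtering/entry with per-action member lists), the lowercase category name "ransomware" and the sample profile names are assumptions, and the sample configuration is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an exported configuration (not from a real device).
# Element names and the category string "ransomware" are assumptions.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
<profiles><url-filtering>
  <entry name="branch-office">
    <block><member>malware</member><member>ransomware</member></block>
  </entry>
  <entry name="guest-wifi">
    <block><member>malware</member></block>
    <alert><member>ransomware</member></alert>
  </entry>
  <entry name="servers">
    <block><member>malware</member></block>
    <credential-enforcement>
      <block><member>ransomware</member></block>
    </credential-enforcement>
  </entry>
</url-filtering></profiles>
</entry></vsys></entry></devices></config>
"""

ACTIONS = ("allow", "alert", "continue", "override", "block")

def category_action(profile, category):
    """Return the site-access action that lists `category`, or None."""
    for action in ACTIONS:
        # find() with a bare tag matches direct children only, so the nested
        # <block> list under credential-enforcement is not mistaken for the
        # site-access block list.
        node = profile.find(action)
        if node is not None and category in (m.text for m in node.findall("member")):
            return action
    return None

def profiles_not_blocking(config_xml, category="ransomware"):
    """Map each URL Filtering profile that does not block `category` to its action."""
    root = ET.fromstring(config_xml)
    findings = {}
    for profile in root.iterfind(".//profiles/url-filtering/entry"):
        action = category_action(profile, category)
        if action != "block":
            findings[profile.get("name")] = action or "not listed"
    return findings

if __name__ == "__main__":
    for name, action in profiles_not_blocking(SAMPLE_CONFIG).items():
        print(f"{name}: ransomware is '{action}', expected 'block'")
```

A profile reported as "not listed" has no explicit action for the category in the export, so review it in the management console rather than assuming how it is handled.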
When will the “Ransomware” category be available?
The Ransomware category will be visible on the administrator management console from July 12th, 2022, but we will not use the category to classify web pages until September 27, 2022.
When will the “Ransomware” category be functional?
Starting September 27, 2022, Palo Alto Networks will start publishing URLs that are categorized as ransomware. Please ensure that your security policy rules are configured properly for this new category.
What is the Palo Alto Networks test URL for Ransomware?