This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

New Advanced URL Filtering/PANDB Category: Ransomware

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

New Advanced URL Filtering/PANDB Category: Ransomware

almraza
L2 Linker
‎06-30-2022 01:18 PM

Screen Shot 2022-09-29 at 9.37.31 AM.png

Ransomware

Starting September 27, 2022, Palo Alto Networks will start publishing URLs into the newly introduced category  “Ransomware” available with content release version 8592 and above.

 

ACTION: Action will be required. Ransomware category action is set to “block” only for the default profile. If you have multiple URL Filtering Security profiles, you need to update the default action to BLOCK for each of these profiles.

 

How is Ransomware defined?

Palo Alto Networks defines Ransomware as websites known to host ransomware or malicious traffic involved in conducting ransomware campaigns that generally threaten to publish private data or keep access to specific data or systems blocked, usually by encrypting it, until the demanded ransom is paid.

 

Will the “Ransomware” category be visible across all PAN-OS versions?

Yes. It is, however, only supported on PAN-OS 9.1 and above. For PAN-OS version 9.0 and below, Ransomware detections will be covered under the category “Malware”.

Note: The “Ransomware” category cannot be used in PAN-OS 9.0 or below.  It is visible on the GUI as a setting even in PAN-OS 9.0 or below. However, no URL will ever be identified as "Ransomware" category in PAN-OS 9.0 or below.

 

When will the “Ransomware” category be functional?

Starting September 27, 2022, Palo Alto Networks will start publishing URLs that are categorized as ransomware. Please ensure that your security policy rules are configured properly for this new category.  

 

Note: Ransomware category functionality will only be supported on PAN-OS versions 9.1 onwards. For PAN-OS version 9.0 and below, ransomware detections will be covered under the Malware category.

 

What is the recommended action for the “Ransomware” category?

Similar to the command-and-control (C2) and malware categories, ransomware attacks pose a serious threat to users and businesses, therefore Palo Alto Networks recommends customers to keep the default action for this category set to “BLOCK”.

Note: The ransomware category action is set to “block” only for the default profile.  

 

ACTION: If you have multiple URL Filtering security profiles, you need to update the default action to “BLOCK” for each of these profiles.

 

What is the Palo Alto Networks test URL for Ransomware?

The test URL for ransomware is http://urlfiltering.paloaltonetworks.com/test-ransomware

 

Does this new category impact me?

Yes. The ransomware category action is only set to “block” for the default profile. If you have multiple URL Filtering security profiles, you need to update the default action to “BLOCK” for each of these profiles.

 

Additional Information

For more information on best practices when managing URL Filtering categories, check out these resources:

URL Filtering Category Recommendations

Complete List of PAN-DB URL Filtering Categories

 

 
14 Comments
  • 229501 Views
  • 14 comments
  • 6 Likes
Register or Sign-in
Labels
Popular Blogs
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks