BotNet News

Your source for Online Security News

Ransomware encrypts your files and demands a ransom payment in exchange for recovering them. This type of ransomware is the most dangerous because once a system is infected, no security software or system restore can return your data to you.

Detecting Ransomware

The first step in identifying ransomware is to determine which file types are being encrypted. These can span a wide range of common file formats, including .doc, .xls, .pdf, .zip, and others.
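A triage check for the file types listed above, as an added example that is not part of the original article: it flags files that carry one of those extensions but whose leading bytes no longer match the format and whose content is close to random. The entropy threshold, the sample size and the assumption that encrypted files keep their original extension are choices made for this example.

```python
import math
import os
from collections import Counter

# Well-known leading "magic" bytes for the file types the article lists.
MAGIC = {
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound file
    ".xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # OLE2 compound file
    ".pdf": b"%PDF",
    ".zip": b"PK\x03\x04",
}
ENTROPY_THRESHOLD = 7.5  # assumed cut-off in bits/byte; ciphertext is close to 8.0
SAMPLE_SIZE = 4096       # assumed number of leading bytes to inspect

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted(path: str) -> bool:
    """True if a known extension no longer matches its header and the content is near-random."""
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is None:
        return False  # not a file type this check knows about
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_SIZE)
    return not head.startswith(magic) and shannon_entropy(head) >= ENTROPY_THRESHOLD

def scan(root: str) -> dict:
    """Walk root and count suspect files per extension."""
    hits = Counter()
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            try:
                if looks_encrypted(full):
                    hits[os.path.splitext(name)[1].lower()] += 1
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
    return dict(hits)

if __name__ == "__main__":
    print(scan("."))  # sweep the current directory
```

Requiring both a header mismatch and high entropy keeps a plain-text file that was merely misnamed `.doc` out of the results.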

Detecting ransomware also involves analyzing network traffic features to determine whether the ransomware is communicating with the command-and-control (C&C) server using normal or anomalous patterns. Examples include a typical sequence of HTTP packets sent between the infected host and a C&C server for encryption, or a defined pattern of outgoing packets with a larger-than-average packet size.

If you’ve been infected by ransomware, you need to take immediate action. You can restore your data from clean backups if they are available, but if not, it is crucial that you report the incident to local law enforcement authorities as soon as possible.

Reporting the incident to law enforcement will help in bringing the perpetrators to justice and can provide valuable information that may be used in a prosecution. This may include evidence of the attackers’ use of malware to extort the victim or proof that the encrypted data has been lost.

Companies should also notify their cyber insurance carrier immediately and loop in their legal department to help with the investigation. This will help ensure that any evidence is protected from disclosure and class-action lawsuits.