BotNet News

Your source for Online Security News

Ransomware

Ransomware — malware that encrypts files and demands a ransom to restore them — is one of the most dangerous threats businesses face. It is also difficult to clean up.

Attackers extort tens of millions of dollars in ransom payments from victims who want their data restored. They do this by exploiting security weaknesses that allow them to lock files and data on the victim’s computer until a payment is made.

Detection Models:

Anti-ransomware technologies can detect a ransomware infection by monitoring network traffic. Machine learning models can learn the features of normal and anomalous traffic and use them to distinguish a malicious communication pattern from a benign one.
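As an added illustration of the traffic-baselining idea above (not code from this site or from any product), the following uses a simple median/MAD baseline as a stand-in for the machine learning model: it learns what benign windows look like for one host and flags windows that deviate sharply. The feature names, sample windows and threshold are constructed assumptions.

```python
from statistics import median

# Assumed per-host, per-minute flow features (not taken from the page).
FEATURES = ("bytes_out", "distinct_dsts", "smb_writes")

def fit_baseline(windows):
    """Learn median and MAD per feature from windows known to be benign."""
    model = {}
    for f in FEATURES:
        vals = [w[f] for w in windows]
        med = median(vals)
        mad = median(abs(v - med) for v in vals)
        model[f] = (med, max(mad, 1.0))  # floor avoids division by zero
    return model

def score(model, window):
    """Return (largest robust z-score, feature that produced it)."""
    top_z, top_f = 0.0, None
    for f in FEATURES:
        med, mad = model[f]
        z = 0.6745 * (window[f] - med) / mad  # 0.6745 scales MAD to ~1 sigma
        if z > top_z:
            top_z, top_f = z, f
    return top_z, top_f

def detect(model, windows, threshold=6.0):
    """Return (time, feature, z) for windows far above the baseline."""
    hits = []
    for w in windows:
        z, f = score(model, w)
        if z > threshold:
            hits.append((w["t"], f, round(z, 1)))
    return hits

def _w(t, b, d, s):
    return {"t": t, "bytes_out": b, "distinct_dsts": d, "smb_writes": s}

# Constructed sample data: eight benign minutes, then four live minutes.
BENIGN = [_w(0, 120_000, 8, 3), _w(1, 95_000, 6, 2), _w(2, 150_000, 9, 5),
          _w(3, 110_000, 7, 4), _w(4, 130_000, 8, 3), _w(5, 105_000, 7, 2),
          _w(6, 140_000, 10, 4), _w(7, 125_000, 8, 3)]
LIVE = [_w(100, 118_000, 8, 4),      # ordinary
        _w(101, 160_000, 11, 6),     # busy but within normal spread
        _w(102, 135_000, 9, 480),    # burst of writes to file shares
        _w(103, 2_400_000, 9, 5)]    # large outbound transfer

if __name__ == "__main__":
    for hit in detect(fit_baseline(BENIGN), LIVE):
        print(hit)
```

Reporting the feature that drove the score gives an analyst a starting point for triage, which a bare anomaly flag does not.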

Key Management:

Ransomware samples often encrypt files with a specific encryption key and then require payment of a ransom to restore the encrypted files. Identifying and recovering this key is challenging for many ransomware samples.

Known Ransomware Targets:

The most high-profile ransomware attacks have occurred in hospitals and medical organizations, which are tempting targets for attackers because of their reputation as safe and reliable places to conduct business. In the past, attackers have used this incentive to collect sensitive data from victims’ computers before encrypting it, then sold it or publicly exposed it if the demands were not met.

Public institutions, however, lack the cybersecurity capabilities to defend against ransomware adequately. Consequently, attackers target these organizations more frequently than other industries.

Screen lockers, a common type of ransomware that freezes users out of their computer completely, are another threat that has emerged in the last few years. When a computer infected with lock-screen ransomware is started up, the screen displays an official-looking FBI or Department of Justice seal that claims illegal activity has been detected on the device and demands payment.