How to Protect Your Organization From Ransomware
Ransomware is a form of malware that extorts money from victims by blocking access to critical data. It uses various attack vectors to establish a presence on an endpoint, search for and encrypt files, and exploit system and network vulnerabilities to spread across networks and systems. Criminals typically offer victims a window of time to pay the ransom, or the threat will escalate. Many experts advise against paying the ransom because it perpetuates the monetary benefits to attackers, but organizations are often left with no other option when a ransom deadline approaches or the impact on the business becomes evident.
Cybercriminals usually launch ransomware attacks using phishing emails with an attachment or link that the victim believes is legitimate. Once opened, these attachments download and execute the malware to infect a system. However, more aggressive forms of ransomware can also exploit security holes to infect a computer without having to rely on social engineering techniques. Additionally, some ransomware variants can spread via chat messages, removable Universal Serial Bus (USB) drives or browser plugins.
Once an infection is discovered, it is important to quickly isolate the affected device and disconnect it from the network. This limits the scope of the ransomware and ensures that it cannot continue spreading to other devices. It is also recommended to shut down wireless connectivity, especially if the device in question is mobile and/or off-premises, as such devices may be compromised by attackers on other networks. In addition, it is recommended to contact local and regional law enforcement to ensure appropriate notification and disclosure procedures are followed.
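The isolation step described above can be scripted ahead of time for Linux endpoints. The following is an added example, not part of the original article; it assumes iproute2 and rfkill are installed, and the names SYSFS_NET, DRY_RUN, list_ifaces, isolation_plan and isolate_host are hypothetical.

```shell
#!/bin/sh
# Added example: build and apply a network-isolation plan for one Linux host.
# SYSFS_NET and DRY_RUN are assumptions of this example (overridable for testing).
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands (default), 0 = execute them

# Print interfaces of one kind ("wireless" or "wired"), one per line.
# Loopback is skipped: taking it down contains nothing and breaks local tools.
# Virtual links (bridges, veth pairs) are reported as "wired" and go down too.
list_ifaces() {
    kind="$1"
    for path in "$SYSFS_NET"/*; do
        [ -e "$path" ] || continue
        name=$(basename "$path")
        if [ "$name" = "lo" ]; then continue; fi
        # The kernel exposes a "wireless" directory for Wi-Fi interfaces.
        if [ -d "$path/wireless" ]; then found="wireless"; else found="wired"; fi
        if [ "$found" = "$kind" ]; then echo "$name"; fi
    done
    return 0
}

# Print the ordered plan: block every radio first (Wi-Fi, Bluetooth, WWAN),
# then take down each wireless link, then each wired link.
isolation_plan() {
    echo "rfkill block all"
    for i in $(list_ifaces wireless) $(list_ifaces wired); do
        echo "ip link set dev $i down"
    done
}

# Apply the plan, or print it when DRY_RUN=1. A failing command is reported
# and the remaining steps still run, so one error does not leave a link up.
isolate_host() {
    isolation_plan | while IFS= read -r cmd; do
        if [ "$DRY_RUN" = "1" ]; then
            echo "[dry-run] $cmd"
        else
            logger -t containment "running: $cmd"
            $cmd || echo "failed: $cmd" >&2
        fi
    done
}

# Stand-alone use: sh isolate.sh --plan   (set DRY_RUN=0 as root to execute)
if [ "${1:-}" = "--plan" ]; then isolate_host; fi
```

Run it from a local console rather than over the network, since the plan takes down the link a remote session depends on.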