BotNet News

Your source for Online Security News

Ransomware

Ransomware is a type of malware that blackmails victims into paying a ransom to get their data back. This crime threatens productivity and business revenue. Organizations that don’t pay the demanded ransom risk losing thousands of dollars and potentially brand damage and litigation. Moreover, even if they successfully recover from an attack, it takes time to do so, which reduces productivity and negatively impacts revenue.

Attackers are constantly changing their ransomware variants to improve their ability to steal, extort, and disrupt businesses. For example, many of the most high-profile attacks this year were against healthcare and other medical organizations because attackers know that those enterprises are less likely to resist paying a ransom. Other targets include finance, which is often seen as “where the money is” and, thus, a tempting target for attackers.

Once ransomware gains access to a system, it typically begins by encrypting files. It is careful in its selection of files to encrypt, and may also delete backup or shadow copies of the affected file systems. Detection of these activities is possible through network traffic monitoring. Network features like average packet size, and the number of different packets per second (TPS) that are exchanged between a host machine and a C&C server can be used to identify suspicious activity.

It is important to remember that criminals who deploy ransomware are committing a serious crime, and should be reported to law enforcement as soon as they are detected. However, it’s also important to remember that, even if a victim pays the ransom demand, they won’t necessarily receive a decryption key.