BotNet News

Your source for Online Security News

Ransomware has exploded in recent years, and it shows no sign of slowing down. It takes advantage of security weak points to encrypt files, hold them hostage and demand money for their return. It’s a great way for cybercriminals to make fast cash. And it can be especially effective against organisations with irreplaceable data, such as the healthcare organisations that were hit by WannaCry.

Ransomware is delivered via phishing, or by exploiting security weaknesses in an organisation, such as software vulnerabilities, cracked passwords or unpatched remote access software such as Remote Desktop Protocol (RDP) services. It then encrypts files on the network, often targeting those that are critical to the business, and displays a ransom note. The criminals who deploy ransomware promise victims a key to decrypt their files once they pay. But in many cases, they don’t deliver it.

Even when the attackers do provide a decryptor, it may only be able to unlock part of the victim’s data. And it’s not uncommon for the encryption process itself to corrupt some files beyond repair.

If you suspect an infection, start by recording details of the attack and disconnecting any devices that aren’t essential to your operations. Then shut down the infected device by holding down its power button or unplugging it from the wall. Once you’ve isolated the infected device, apply best practices to regain control of the network. You can also use a tool like No More Ransom, a global initiative Trellix is a part of, to identify the ransomware variant and determine the most effective response.