BotNet News

Ransomware is a highly profitable form of malware that has quickly exploded in popularity. Attackers target companies, critical infrastructure, and even individuals by encrypting their files, and then demanding payment for the decryption keys. This has resulted in countless headlines involving companies forced to make difficult decisions about whether or not to pay the demanded ransom.

Cybercriminals are targeting business systems because they have higher profit potential and less security. In addition, they have learned that a successful infection can cause major disruptions such as medical appointments being cancelled and industrial plants going offline, both of which increase their chances of getting paid.

A typical ransomware attack starts with the attacker gaining access to the system by exploiting a vulnerability found in software applications. These vulnerabilities can be as simple as a mistyped email attachment, a weak password being cracked, or a system that has been left unpatched.

Once a cybercriminal has gained entry, they will begin to encrypt the victim’s files with an attacker-controlled key, replacing them with encrypted copies and deleting backup and shadow copies. This process is very quick and usually occurs without the victim’s knowledge. Once the attackers have successfully encrypt all of a company’s files, they will then display a message on the victim’s computer screen that asks for payment to obtain the decryption key. This message also usually threatens that if the demanded payment is not made, the victim will be exposed in a public data breach.