BotNet News

Your source for Online Security News

Ransomware

Ransomware is malware that encrypts files on a device or network, and then demands payment to unlock them. It typically gains access via an unsuspecting victim clicking on a malicious attachment or compromised URL, and it can then spread to other devices on the same network. Home users can be just as vulnerable as enterprises, especially if they comeleate personal and business devices.

Once ransomware encrypts a victim’s files, the attackers display a message on their computer screen demanding payment to get their data back. The victims are usually told they must purchase cryptocurrency like Bitcoin to receive a decryption key that will allow them to unlock their files. The malware may also delete backup or shadow copies of encrypted files, making recovery without the decryption key more difficult.

Despite the fact that many law enforcement agencies advise people not to pay attackers because doing so only encourages more attacks, victims often do a cost-benefit analysis and decide to pay the demanded ransom to recover their data. However, paying the ransom does not guarantee that the attacker will give the victims a working decryption key; they could just keep requiring additional payments.

Some ransomware variants claim to be part of a criminal investigation and threaten to publicly expose the victims’ information if they don’t pay the ransom. This type of ransomware is called leakware or doxware. Fortunately, these attacks are less common than encryption ransomware. To help defend against ransomware, users should be sure to use comprehensive security software and keep it updated regularly. They should also be wary of emails or messages from unknown sources, and avoid downloading or running programs from untrusted sites.