BotNet News

Your source for Online Security News

Ransomware

Ransomware is a type of malware that encrypts a victim’s files and then demands payment in exchange for the decryption key. It’s not just the financial impact of being held hostage by hackers — ransomware can also take systems offline for weeks and months, driving down productivity and potentially leading to brand damage.

Threat actors are continuing to develop and refine their ransomware tactics, with demand for payments soaring into the tens of millions of dollars this year. Whether it’s the Albuquerque school district being asked for $100,000 for their encrypted data or the latest attack on the City of Atlanta, attacks have become more frequent and sophisticated.

The 2022 Unit 42 Incident Response Report found that 48% of ransomware incidents began with vulnerability scanning and exploiting software flaws. Once threat actors find their way into your environment, they can move throughout your networks searching for high-value targets. Once they have identified and targeted a device, they can then run a series of malicious scripts to gain full control over that system.

Despite the strong advice by law enforcement not to pay ransoms, many companies end up doing so out of a sense of desperation. As a result, they aren’t just losing data; they are also potentially violating the terms of their cyber insurance policy by communicating directly with the hackers that hold them hostage. To prevent this from happening, it is imperative to keep the lines of communication open between the company and its insurer, which is why it is critical for audit committees and senior management to be prepared with a written incident response plan that includes looping in the legal department at the outset.