BotNet News

Your source for Online Security News

Ransomware

In recent years, ransomware attacks have increased in sophistication and frequency. Hackers have learned to stay undetected in their victims’ networks, gaining access to the information and files of greatest value. They can then sell those assets to the highest bidder. Many attacks are perpetrated by large-scale Ransomware as a Service (RaaS) operations such as Conti, DarkSide and REvil, which provide the infrastructure for attackers to conduct an attack without requiring advanced IT knowledge or dedicated hardware.

Once attackers gain access to a network, they plant malware to lock devices and encrypt data. When the encryption process is complete, they display a message to users explaining that their files can be decrypted only with a key known only to the attackers. They often demand a sum of money, typically in untraceable Bitcoin payments.

While it’s not uncommon for companies to pay a ransom, there are reasons to consider alternatives. It’s important to follow a written incident response plan and to include the company’s legal department in that effort from the outset. This can protect the organization from the risk of a class-action lawsuit, and it can help ensure that offers to pay the demanded ransom are pre-approved by the insurance carrier.

Continuous, protected data backups can also help avoid the need to pay a ransom. By storing backups offsite, an organization can recover from ransomware or other malicious activity without paying the requested ransom amount. It’s also critical to have a security architecture that is layered and includes technologies like next-generation firewalls, email security systems and intrusion prevention systems.