BotNet News

Your source for Online Security News


Ransomware is malware that encrypts files in an organisation’s network. The attackers then demand a ransom in exchange for restoring access to the files. This type of attack can leave organisations unable to function for weeks or even months, costing them millions of dollars in lost revenue.

Many ransomware attacks start with someone inside an organisation opening a malicious attachment in a spam email or clicking a fake link on a website. In other cases, attackers gain entry to the network through software flaws and exploits, cracked passwords or remote-desktop logins that allow them to search for systems with weaker defences. Once inside, the attack can spread from system to system, hunting through the organisation’s network until it controls enough of it.

Once in control, the ransomware replaces files with encrypted versions. It can also remove backups and shadow copies to make recovery without the decryption key much harder. During this phase, it is not uncommon for attackers to target specific types of data, such as customer login credentials or intellectual property, that they know is valuable.
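The removal of backups and shadow copies described above is a useful detection point, because it usually has to happen through a small set of built-in Windows tools. The following is an added example, not part of the original article: a detection sketch over process-creation events. The event format, the rule names and the sample events are constructed for illustration, and the tools matched (`vssadmin`, `wmic`, `wbadmin`, `bcdedit`) are real Windows utilities that the article itself does not name.

```python
import re
from collections import defaultdict

# Command-line patterns that delete or disable Windows recovery data.
# Rule names are assumptions for this example; tune patterns to your estate.
RULES = {
    "vss_delete": re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "wmic_shadow_delete": re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "backup_catalog_delete": re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|backup)\b", re.I),
    "boot_recovery_off": re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
}

# Constructed sample events, one per line: time|host|user|command line
SAMPLE_EVENTS = """\
2024-05-01T10:00:01Z|FS01|svc_backup|vssadmin list shadows
2024-05-01T10:02:13Z|WS17|jdoe|cmd.exe /c vssadmin.exe Delete Shadows /All /Quiet
2024-05-01T10:02:15Z|WS17|jdoe|wmic shadowcopy delete
2024-05-01T10:02:16Z|WS17|jdoe|bcdedit /set {default} recoveryenabled No
2024-05-01T10:05:00Z|FS01|svc_backup|wbadmin start backup -backupTarget:E:
2024-05-01T10:07:42Z|DB02|admin|wbadmin delete catalog -quiet""".splitlines()

def detect(events):
    """Return one alert per event whose command line matches a rule."""
    alerts = []
    for line in events:
        parts = line.split("|", 3)  # the command line may itself contain '|'
        if len(parts) != 4:
            continue  # skip malformed records instead of failing the run
        ts, host, user, cmd = parts
        for name, pattern in RULES.items():
            if pattern.search(cmd):
                alerts.append({"time": ts, "host": host, "user": user, "rule": name})
    return alerts

def hosts_to_escalate(alerts, min_rules=2):
    """Hosts where several *different* recovery-tampering rules fired."""
    seen = defaultdict(set)
    for alert in alerts:
        seen[alert["host"]].add(alert["rule"])
    return sorted(h for h, rules in seen.items() if len(rules) >= min_rules)

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for alert in found:
        print(alert)
    print("escalate:", hosts_to_escalate(found))
```

A single match can be legitimate administration (for example, pruning an old backup catalogue); several different recovery-tampering commands on one host within seconds is the pattern worth paging on.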

The extortionate price of the ransom is used as an incentive for companies to pay. The attackers will promise that if they are paid, all copies of the stolen data will be destroyed and the decryption keys provided. Some gangs are even downright customer-service oriented, adjusting the demand based on how quickly the company needs to pay and accommodating preferred cryptocurrencies.