BotNet News

Your source for Online Security News

Ransomware

Ransomware is malware that encrypts files, preventing victims from accessing their data until they pay a ransom. It’s a growing threat that affects businesses of all sizes. Attacks can be spread by spammed email attachments, malvertising and exploit kits that target vulnerabilities. Ransomware typically enters a system by tricking users into downloading and executing it, but some variants use other methods, such as remote desktop protocol (RDP) attacks or infecting legitimate software programs.

When a victim’s system is infected, the ransomware begins encrypting files and appending extensions to them, leaving them inaccessible. This step is typically accompanied by a message telling the victim that their data can only be restored by paying a ransom. In most cases, the attackers will also demand that the payment be made in bitcoin.

Some ransomware variants are more sophisticated than others. For example, “screen lockers,” which lock the victim out of their computer’s screen, may display what looks like an official government seal and warn that unlicensed software or illegal web content has been detected. Attackers may even adjust the ransom price based on a country’s economy, demanding more from companies in rich countries.

The first ransomware appeared in 1989. Known as the AIDS Trojan or the PC Cyborg Trojan, it counted the number of times the user booted their machine and then encrypted the machine and all its connected drives. Attackers are continually finding new ways to make their ransomware more lucrative and efficient. This includes limiting the number of files they encrypt to ensure system stability, and deleting backup or shadow copies, making recovery without the decryption key much more difficult.