BotNet News

Your source for Online Security News

Ransomware

Ransomware is malware that encrypts files or blocks access to them, demanding a payment for their decryption. It is also often used to steal data from a targeted system, which attackers can then threaten to publish online or sell to the highest bidder.

Cybercriminals are developing new forms of ransomware to target more sophisticated targets, such as critical infrastructures in cities and even nations. The goal is to create a threat that could paralyze the operations of these systems until a ransom is paid, similar to how terrorist groups shut down airports and other critical facilities until they receive payments from hostages and victims.

When ransomware gains access to a computer, it typically starts by infecting the system through phishing emails with attachments that look like legitimate files that the victim will trust. This allows the malware to download, which then allows it to take over the victim’s computer, requiring that the victim pay a ransom to regain control. Other variants, such as the notorious NotPetya attack, exploit security holes to infect a computer without needing to trick users.

Maze, the first ransomware family to combine file encryption with data theft, infamously threatened to publish a victim’s private information online if the victim refused to pay the requested ransom. Later, the extortion tool CryptoLocker became widely popular by encrypting files, with the keys required to decrypt them stored on servers that attackers can remotely access.

Ransomware is now widespread, and it has a variety of delivery mechanisms to reach its targets, including phishing emails, remote access tools, removable Universal Serial Bus (USB) drives and chat messages. Regularly patching software and updating Operating Systems reduces the vulnerability of systems to attack.