BotNet News

Your source for Online Security News

Ransomware

Ransomware is making headlines on a near-daily basis, and for good reason. Cybercriminals have discovered that companies are willing to pay a significant sum of money to recover data after an attack, and the amount being demanded has escalated significantly this year.

Ransomware works by accessing files on a victim’s system, encrypting them with an attacker-controlled key, then replacing the originals with encrypted versions. Often, the attacker will delete backup and shadow copies of those files to further complicate recovery without the decryption key.
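As an added illustration of the behaviour described above (not code from the original article), here is a defender-side sweep that flags a directory tree when most of its files have been replaced with high-entropy content that lacks a known compressed-format header. The 7.5 bits/byte threshold, the header list, the alert ratio and all function names are assumptions chosen for this example.

```python
import math
import os
from collections import Counter

ENTROPY_THRESHOLD = 7.5      # bits per byte; assumed cut-off, tune per environment
SAMPLE_BYTES = 64 * 1024     # only the head of each file is read
# Headers of formats that are legitimately high-entropy (compressed), assumed list.
COMPRESSED_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"\x89PNG", b"\xff\xd8\xff", b"%PDF")

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted(data: bytes) -> bool:
    """True when data is near-random and carries no known compressed header."""
    if len(data) < 1024:     # too small for a stable entropy estimate
        return False
    if data.startswith(COMPRESSED_MAGIC):
        return False
    return shannon_entropy(data) >= ENTROPY_THRESHOLD

def scan_tree(root: str, alert_ratio: float = 0.5, min_files: int = 4):
    """Return (alert, suspicious_paths) for the files under root."""
    suspicious, seen = [], 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(SAMPLE_BYTES)
            except OSError:
                continue     # unreadable file: skip rather than abort the sweep
            seen += 1
            if looks_encrypted(head):
                suspicious.append(path)
    # Alert only when a large share of the tree looks encrypted at once.
    alert = seen >= min_files and len(suspicious) / seen >= alert_ratio
    return alert, sorted(suspicious)

if __name__ == "__main__":
    import sys
    print(scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Compressed or encrypted formats missing from the header list will also score high, so treat an alert as a reason to investigate rather than as proof.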

Once a ransomware attack has occurred, it’s important to follow your written incident response plan and, in particular, to ensure that any impacted systems are isolated as quickly as possible. Isolating the infected device(s) and powering down parts of your network and shared drives will help prevent the spread of the infection to other devices.

In addition, it is critical that you contact your insurance carrier and have them pre-approve any payment to the threat actors. Cyber insurance is designed to help mitigate the financial burden after an incident, and some policies even include coverage for paying ransoms. However, if you pay the criminals, they will likely use your payment information to carry out more attacks.

It is also important to remember that what you’re dealing with are criminals, not computer scientists. Their goal is not to help you recover your files; it’s to make a quick buck. If they weren’t getting paid, they would move on to something else.