BotNet News

Ransomware is a cyber-extortion attack that encrypts files or data so you can’t access them. It’s typically downloaded through phishing attacks or by clicking on a malicious link or attachment in an email that appears legitimate but actually isn’t. After an infection, a victim will see computer messages telling them they can’t access their files and demanding a ransom payment in cryptocurrency to restore access. Often, once a victim pays the ransom, cybercriminals keep their word and provide the decryption keys they claim to have.

Attackers target victims from all industries and business types. Some high-profile attacks include the attack on the Colonial Pipeline, Steamship Authority of Massachusetts, and JBS (the world’s largest meatpacker).

Regardless of who’s targeted, most ransomware infections start with employees interacting with a phishing email that poses as a bank or other trusted entity and asks them to click on a link to “resolve an issue.” Once clicked, the malware downloads and installs itself.

A company that suffers a ransomware attack faces loss of productivity, costly recovery expenses, brand damage, and litigation. To reduce the risk of an incident, companies should implement a written cybersecurity incident response plan that includes implementing an up-to-date patching system to minimize security vulnerabilities that threat actors could exploit. They should also consider using products like Cortex X that are designed to detect and identify insider threats by leveraging contextual awareness, not relying on machine learning alone. Finally, involving an attorney from the outset of any investigation can protect communications with threat actors, as well as leverage attorney work product protection, reducing the risk of class action lawsuits and other legal claims following a breach.