BotNet News

Your source for Online Security News

Ransomware is malware that encrypts files on an infected system, and only gives back the data if the victim pays a ransom. It’s a growing threat, and one that businesses should include in their cybersecurity plans.

Every ransomware attack starts with the attackers gaining access to the network. Often, this is done by stealing or guessing an employee’s login credentials and using them to authenticate to enterprise systems. Other times, attackers use tools like Remote Desktop Protocol (RDP) or Windows Server Management Console (WSMC) to gain direct control of machines on the network. Ransomware variants such as WannaCry and NotPetya are also known to exploit vulnerabilities in Microsoft’s SMB protocol.
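Guessed credentials used over RDP leave a recognizable trail in Windows logon events: a run of failed logons followed by a success for the same account from the same source. The following detection sketch is an added example, not part of the original article; the log lines are constructed, the comma-separated layout, threshold and window are assumptions, and it assumes RDP logons are recorded as event IDs 4625/4624 with logon type 10.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not real logs): time, Windows Security event ID,
# logon type, account, source address. 4625 = failed logon, 4624 = successful
# logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_EVENTS = """\
2024-05-01T02:10:01,4625,10,jsmith,203.0.113.7
2024-05-01T02:10:09,4625,10,jsmith,203.0.113.7
2024-05-01T02:10:15,4625,10,jsmith,203.0.113.7
2024-05-01T02:10:22,4625,10,jsmith,203.0.113.7
2024-05-01T02:10:30,4625,10,jsmith,203.0.113.7
2024-05-01T02:10:41,4624,10,jsmith,203.0.113.7
2024-05-01T08:59:50,4625,10,akhan,198.51.100.20
2024-05-01T09:00:05,4624,10,akhan,198.51.100.20
2024-05-01T09:30:00,4624,2,jsmith,-
"""

def parse(text):
    """Return (timestamp, event_id, logon_type, account, source) tuples in time order."""
    rows = []
    for line in text.strip().splitlines():
        ts, eid, ltype, account, src = line.split(",")
        rows.append((datetime.fromisoformat(ts), int(eid), int(ltype), account, src))
    return sorted(rows)

def guessed_rdp_logons(events, threshold=5, window=timedelta(minutes=10)):
    """Return successful RDP logons preceded by >= threshold failures for the
    same account from the same source inside the window."""
    failures = defaultdict(deque)   # (account, source) -> recent failure times
    alerts = []
    for ts, eid, ltype, account, src in events:
        if ltype != 10:             # only RDP (RemoteInteractive) logons
            continue
        recent = failures[(account, src)]
        while recent and ts - recent[0] > window:
            recent.popleft()        # drop failures that aged out of the window
        if eid == 4625:
            recent.append(ts)
        elif eid == 4624:
            if len(recent) >= threshold:
                alerts.append((ts.isoformat(), account, src, len(recent)))
            recent.clear()          # a success resets the failure streak
    return alerts

if __name__ == "__main__":
    for alert in guessed_rdp_logons(parse(SAMPLE_EVENTS)):
        print("possible guessed credentials over RDP:", alert)
```

On hosts that enforce Network Level Authentication, failed RDP attempts may be recorded with logon type 3 instead, so the logon-type filter should match how your hosts actually log.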

Once inside the network, attackers will scan for vulnerable machines and infect personal computers. Since many business employees work from home, and a significant percentage of them commingle their personal devices with work-related ones, these personal computers are often the first point of entry for ransomware.

When the malware encrypts files, it will typically display a screen announcing that the files are encrypted and giving a deadline to pay the ransom. Criminals may also threaten to expose the victims publicly or post their details on forums, further escalating the pressure to pay.

As soon as an organization knows it’s been infected by ransomware, it should call law enforcement. This is important for a number of reasons. For example, law enforcement can ensure systems aren’t compromised in other ways, and they can help find the attackers.