BotNet News

Your source for Online Security News

Ransomware: a cyber attack that targets businesses with malicious encryption software

Attackers gain access to your network through one of several methods, including phishing, exploit kits, or malware hidden in a downloaded file or link. Once inside, they install and activate ransomware that encrypts data across your network so you can’t access it. The attacker then presents an on-screen message urging you to pay a ransom to regain access to your data.

Early ransomware attacks were largely directed at individuals and used simple, symmetric cryptography to hold data hostage. The first ransomware, known as PC Cyborg, was created in the 1980s; it encrypted files on the C drive after 90 reboots and asked victims to send $189 to a P.O. box for decryption keys.

By the late 2000s, criminals began targeting businesses and organizations with more sophisticated public key encryption, requiring larger ransom payments to get data back. The emergence of cryptocurrencies like Bitcoin made the ransomware business model even more lucrative for hackers.

Ransomware infections continue to grow and evolve. Some examples include Petya and Ryuk, which were both distributed using a malicious update for popular software (for example, Microsoft Windows). The BlackCat and DarkSide ransomware gangs have targeted high-profile companies, from Colonial Pipeline to large meatpacker JBS and Steamship Authority, threatening to release the victims' data unless a ransom was paid.

Having robust backup and recovery processes in place that include live mirroring, periodic backups, and hard drive imaging helps limit your exposure to ransomware attacks. Also, segmenting your networks allows you to isolate an infection and prevent it from spreading. Keep your hardware and software updated, as patches for flaws are often included in updates.