BotNet News

Ransomware

Whether the ransom demand is for thousands or millions of dollars, the news of high-profile cyber extortion attacks against companies, hospitals and other public infrastructure has become a daily occurrence. Often these attacks are carried out with a new variant of ransomware, and the threat actors behind them continue to evolve their approach.

Ransomware typically arrives as a malicious link or attachment in an email. Once opened on a victim’s device, it searches for valuable files and encrypts them, then displays a message with instructions for paying the attacker, usually in Bitcoin. In exchange for payment, the attacker promises to destroy all copies of the encrypted data or to provide a decryption key. However, many companies that have paid their ransoms still cannot recover their files.

A few of the more notable ransomware variants include Locky, which was released in 2016 and quickly became one of the most widely distributed forms of malware; Troldesh, which spreads via emails with file attachments; GlobeImposter; Philadelphia; REvil (used in the 2021 attacks against JBS USA and Kaseya Limited); and DarkSide. REvil, in particular, demonstrates how ransomware is now offered under a ransomware-as-a-service model.

The best way to prevent ransomware is to keep your devices and systems up to date, applying the patches and updates that vendors release to close security holes. In addition, performing regular backups (to cloud or physical storage) ensures that ransomware cannot lock you out of your files for good, because they can be restored from the backup. Using an ad blocker on your device or computer can protect against malvertising links and drive-by downloads, two common ransomware distribution channels. Finally, any company that experiences a ransomware or other cyber extortion attack should follow its written incident response plan and notify both senior management and the legal department at the earliest opportunity. Doing so helps preserve attorney-client privilege and work product protection, reducing the risk of exposure in class-action lawsuits or other legal claims that may arise in the wake of a ransomware attack.
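The behaviour described above (a process that finds valuable files and encrypts them, then drops a payment note) is what endpoint monitoring looks for. The following is an added example, not code from the article or from any product it mentions: a small detector that scans a file-activity audit log for two ransomware-like signals, a burst of extension-changing renames by one process and the creation of a note-like file. The log format, the sample log lines, the thresholds and the note-name keywords are all constructed assumptions for illustration.

```python
"""Heuristic detector for ransomware-like file activity in an audit log.

Added example (not from the original article). It assumes a simple
line-oriented file-activity log of the form
    <unix_ts> <process> <action> <path>
where action is MODIFY, CREATE, or RENAME (path written as "old -> new").
"""
from __future__ import annotations

import os
from collections import defaultdict, deque
from dataclasses import dataclass

# Constructed sample log: a normal editing session, then a process that
# rewrites many user documents to a new extension within a few seconds
# and drops a note on the desktop.
SAMPLE_LOG = """\
1700000000 winword.exe MODIFY C:/Users/alice/Documents/report.docx
1700000005 winword.exe MODIFY C:/Users/alice/Documents/report.docx
1700000120 svchost.exe MODIFY C:/Windows/Temp/log.txt
1700000300 updater.exe RENAME C:/Users/alice/Documents/report.docx -> C:/Users/alice/Documents/report.docx.locked
1700000300 updater.exe RENAME C:/Users/alice/Documents/budget.xlsx -> C:/Users/alice/Documents/budget.xlsx.locked
1700000301 updater.exe RENAME C:/Users/alice/Pictures/holiday.jpg -> C:/Users/alice/Pictures/holiday.jpg.locked
1700000301 updater.exe RENAME C:/Users/alice/Pictures/family.jpg -> C:/Users/alice/Pictures/family.jpg.locked
1700000302 updater.exe RENAME C:/Users/alice/Desktop/notes.txt -> C:/Users/alice/Desktop/notes.txt.locked
1700000303 updater.exe CREATE C:/Users/alice/Desktop/HOW_TO_RECOVER_FILES.txt
"""

# Tunable assumptions: sliding window length, how many extension-changing
# renames inside the window count as "mass", and words that commonly appear
# in note file names (constructed list, not taken from any real family).
WINDOW_SECONDS = 10
RENAME_THRESHOLD = 5
NOTE_KEYWORDS = ("recover", "decrypt", "restore")


@dataclass(frozen=True)
class Alert:
    process: str
    kind: str        # "mass_rename" or "ransom_note"
    timestamp: int   # time of the event that tripped the rule
    detail: str


def _extension_changed(old: str, new: str) -> bool:
    """True when a rename gives the file a different extension."""
    return os.path.splitext(old)[1].lower() != os.path.splitext(new)[1].lower()


def _looks_like_ransom_note(path: str) -> bool:
    """Small text/HTML file whose name hints at recovery instructions."""
    name, ext = os.path.splitext(os.path.basename(path).lower())
    return ext in (".txt", ".html", ".hta") and any(k in name for k in NOTE_KEYWORDS)


def analyze(log_text: str) -> list[Alert]:
    """Scan log lines and return one alert per (process, rule) that fires."""
    recent_renames: dict[str, deque[int]] = defaultdict(deque)
    fired: set[tuple[str, str]] = set()
    alerts: list[Alert] = []

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_str, process, action, rest = line.split(" ", 3)
        ts = int(ts_str)

        if action == "RENAME":
            old, new = (p.strip() for p in rest.split("->", 1))
            if not _extension_changed(old, new):
                continue
            window = recent_renames[process]
            window.append(ts)
            # Drop renames that have fallen out of the sliding window.
            while window and ts - window[0] > WINDOW_SECONDS:
                window.popleft()
            if len(window) >= RENAME_THRESHOLD and (process, "mass_rename") not in fired:
                fired.add((process, "mass_rename"))
                alerts.append(Alert(process, "mass_rename", ts,
                                    f"{len(window)} extension-changing renames within {WINDOW_SECONDS}s"))
        elif action == "CREATE" and _looks_like_ransom_note(rest):
            if (process, "ransom_note") not in fired:
                fired.add((process, "ransom_note"))
                alerts.append(Alert(process, "ransom_note", ts, f"note-like file created: {rest}"))
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(f"{alert.timestamp} {alert.process}: {alert.kind} ({alert.detail})")
```

Run against the constructed log, the detector raises a `mass_rename` alert for `updater.exe` at the fifth rename and a `ransom_note` alert when the note file appears; the normal `winword.exe` edits trip nothing. In practice the thresholds would be tuned against a baseline of legitimate activity (archivers and backup agents also rename many files quickly), and the rename rule would be paired with the backup and patching controls above rather than relied on alone.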