BotNet News

Your source for Online Security News

Ransomware

Ransomware is malware that locks devices and encrypts data, making it impossible for victims to use their computers until they pay a ransom. The attackers usually demand payment in bitcoin or some other cryptocurrency and promise to decrypt the data once paid. This is one of the fastest and simplest cyberattacks to carry out, making it a profitable business for attackers.

The ransomware business model has evolved rapidly in recent years, partly because it has become easier to steal and manipulate data through new methods of attack. But other factors also contribute to its success.

Attackers first gain access to your network by exploiting software vulnerabilities. Once inside, they plant malware that encrypts all or some of your files. You receive an on-screen notification explaining that your data is now inaccessible and only by paying a ransom will you get it back. For more information on how different flavors of ransomware encrypt files, Infosec Institute has a great in-depth article.

In 2021, several new ransomware variants appeared that aimed to grab more data from victims than ever before. Maze, for example, used double extortion and was spread through spam emails, RDP attacks and exploit kits. The gang that ran it later shuttered operations. Similarly, a new variant called BlackMatter uses advanced obfuscation techniques and Tor for command and control. It was the malware behind the Colonial Pipeline attack in May 2021 and it has been linked to the DarkSide and REvil gangs.