BotNet News

Ransomware is a cyber-attack that encrypts files or data so the victim cannot access them. Threat actors then display a message that demands payment of a specified sum in cryptocurrency to decrypt the files or data and restore access. In some cases, the attackers threaten to publish stolen information on the internet unless the ransom is paid.

The first ransomware attack occurred in the 1980s with a program called PC Cyborg, which encrypted the C: drive after 90 reboots and held users hostage. This type of ransomware is now largely considered obsolete, and it has not been a significant threat to average users. Later, in 2013, a more advanced ransomware program called CryptoLocker appeared. It used military-grade encryption and stored the key on a remote server, making it very difficult for users to retrieve their encrypted files without paying the ransom.

In late 2020, another variant of ransomware dubbed Ryuk emerged that targeted organizations and government agencies. It encrypts files and also steals data, which the attackers publish online or use to blackmail victims. It is a more sophisticated form of ransomware that uses double extortion and command and control via Tor, among other tactics.

The best way to mitigate a ransomware attack is to have a comprehensive incident response plan, as detailed in CISA’s “Ransomware Response Checklist.” This includes isolating infected parts of your system (some ransomware attacks will attempt to spread by attacking other devices on a network) and powering down components that could potentially spread the infection. It is also recommended to have backups that can be used to recover from a ransomware attack. Finally, it is highly recommended to report the attack to law enforcement, for several reasons: they may have decryption tools available, may help with detection, and may launch an investigation into the attackers.