BotNet News

Ransomware is malware that infects your devices and encrypts their data, blocking access to the affected files. The attackers then demand a payment in cryptocurrency to decrypt the files. This payment method is popular with cybercriminals because it’s nearly impossible to trace and allows for anonymity. In addition, ransomware authors often require payments in Apple iTunes gift cards, which can further obscure the source of the money.

In the early years of ransomware, attackers used to extort victims by pretending to be law enforcement. For example, Reveton ransomware claimed the victim’s PC had been encrypted by “police” to extort a fine for copyright infringement or child pornography and threatened criminal prosecution if the payment wasn’t received. These tactics helped to make ransomware a profitable crime.

As ransomware evolved, organized gangs began to take over the market. They started hiring employees to perform tasks like finding vulnerabilities and installing software exploits on target networks. This led to better-quality malware and increased success rates.

Attackers also shifted their focus from consumers to businesses, which had more resources to pay ransoms. Additionally, attacks grew in scale and ambition. Some ransomware variants like Maze began stealing sensitive data from targeted systems before encrypting it. This data would be published on the internet if the ransom wasn’t paid, further enticing victims to pay up.

In the case of a ransomware or extortion incident, your business should follow its written incident response plan, and notify senior management and the legal department as soon as possible. Notifying the legal team early on allows for the investigation to be protected by attorney-client privilege and the work product doctrine, reducing your risk of exposure in class-action lawsuits and other litigation that may arise from the incident.