BotNet News

Your source for Online Security News

Ransomware is malware that encrypts files on the victim’s computer and then demands payment in order to decrypt the data. Threat actors deploy various kinds of ransomware, such as Ryuk (first detected in 2018), which targets large organizations and governments.

Ransomware victims are urged to pay the ransom demand to regain access to their files, but doing so may not work. Many people and organizations have paid a ransom only to find that they are unable to recover their files even after receiving a decryption key. The reason is that criminals aren’t in the file recovery business; they are in the money-making business.

Some types of ransomware, such as leakware or doxware, threaten to publish sensitive information stored on the victim’s hard drive unless a ransom is paid. Others, like encryption ransomware, encrypt all the files on an infected device, making them unusable without a decryption key.

Criminals exploit vulnerabilities in a company’s computer systems to launch ransomware attacks. Attackers use a variety of delivery methods, including email and phishing campaigns, to spread the malicious software. Attacks are also carried out through ransomware-as-a-service (RaaS), in which cybercriminals recruit affiliates to launch attacks on their behalf and share in the profits.

Companies should follow their written incident response plans in the event of a ransomware or cyber extortion incident. They should notify all stakeholders as determined by their incident response plan, including senior management and the legal department. Notifying the legal department at the outset allows the legal team to ensure that any communication with threat actors is covered by attorney-client privilege and the work product doctrine, limiting the exposure of the company to class-action lawsuits or other liability claims related to a data breach.