BotNet News

Your source for Online Security News

Ransomware

Ransomware is a malicious computer attack that encrypts files, halting access to critical systems and services. Attackers then demand a payment in a cryptocurrency such as Bitcoin to decrypt the files. If the victim doesn’t pay, attackers typically threaten to expose the organization in a public announcement. Recent high-profile victims include Colonial Pipeline; JBS USA; Davidson County, North Carolina; the government of Costa Rica; and more.

Traditionally, ransomware attacks are viewed as white-collar crimes, and the consequences have been financial rather than physical. The COVID-19 pandemic has shifted the threat dynamic, with opportunistic amateur and hobbyist hackers now being joined by more experienced criminals and cybercriminal networks. Globally, respondents to the Allianz Risk Barometer 2022 cited “cyber incidents”, including ransomware attacks, as their top business concern, outranking even climate change and supply chain disruptions.

The ransomware infection path often starts with a malicious email attachment or compromised URL, with the malware masquerading as an installer of a popular program or embedded in Microsoft Office files (like the malware known as ZCryptor). It then spreads through common techniques such as Remote Desktop Protocol and brute-force attacks that guess weak passwords.

In some cases, attackers are human operators who use their knowledge of common system and security misconfigurations to infiltrate the network and move laterally, taking advantage of maintenance windows, gaining elevated privileges with stolen credentials and using Remote Desktop Protocol for further infiltration. In others, the attack is automated, like the WannaCry malware, which leveraged the EternalBlue vulnerability. In the most sophisticated operations, attackers might use a combination of both methods.
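
The following Python example is added here and is not part of the original article. It shows how a defender might flag the Remote Desktop password-guessing pattern described above: a burst of failed logons from one source, followed by a success. The log line layout, threshold, window and sample events are constructed assumptions; 4625 and 4624 are the Windows Security event IDs for failed and successful logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Logon type 10 = RemoteInteractive (RDP); type 3 = Network, which is how
# RDP failures are commonly recorded when Network Level Authentication is on.
RDP_LOGON_TYPES = {"3", "10"}
FAILED, SUCCESS = "4625", "4624"

# Constructed sample events (assumed layout):
# timestamp,event_id,logon_type,source_ip,account
SAMPLE = """\
2024-01-10T02:00:01,4625,3,203.0.113.7,administrator
2024-01-10T02:00:03,4625,3,203.0.113.7,admin
2024-01-10T02:00:05,4625,3,203.0.113.7,backup
2024-01-10T02:00:08,4625,3,203.0.113.7,backup
2024-01-10T02:00:11,4625,3,203.0.113.7,backup
2024-01-10T02:00:14,4625,3,203.0.113.7,backup
2024-01-10T02:00:19,4624,10,203.0.113.7,backup
2024-01-10T08:30:00,4625,10,198.51.100.20,jsmith
2024-01-10T08:30:20,4624,10,198.51.100.20,jsmith
2024-01-10T09:00:00,4625,2,-,kiosk
"""

def find_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Return one alert per source IP that exceeded the failure threshold."""
    recent = defaultdict(deque)  # ip -> failure timestamps inside the window
    alerts = {}
    for line in text.strip().splitlines():
        ts, event_id, logon_type, ip, account = line.split(",")
        if logon_type not in RDP_LOGON_TYPES:
            continue  # ignore console and other non-remote logons
        when = datetime.fromisoformat(ts)
        failures = recent[ip]
        while failures and when - failures[0] > window:
            failures.popleft()  # slide the window forward
        if event_id == FAILED:
            failures.append(when)
            if len(failures) >= threshold:
                alert = alerts.setdefault(
                    ip, {"ip": ip, "failures": 0, "breached_account": None})
                alert["failures"] = max(alert["failures"], len(failures))
        elif event_id == SUCCESS and ip in alerts and failures:
            # Success straight after a burst: the password was likely guessed.
            alerts[ip]["breached_account"] = account
    return list(alerts.values())

if __name__ == "__main__":
    for alert in find_rdp_bruteforce(SAMPLE):
        print(alert)
```

An alert with a non-empty `breached_account` is the case to triage first, since it marks an account that should be treated as compromised.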