Ransomware Attacks Target Large Organizations
A ransomware attack typically begins with a human attacker leveraging stolen credentials and exploiting security configuration flaws to gain access to an organization’s network. Once inside the network, they deploy a payload that encrypts data and restricts access to that data. They then demand a ransom payment within a limited time to decrypt the data or it will be lost forever. These attacks can be devastating for any business, but they are also becoming more frequent and more sophisticated. The most recent attacks by REvil and Ryuk have shown how these threats are being used to target large organizations, including global infrastructure and healthcare organizations.
Ransomware has become increasingly popular among criminals because it is relatively easy to execute and can generate significant profits. Its popularity surged as attackers began demanding payments in the form of cryptocurrency, such as Bitcoin, which makes them untraceable.
Once the attackers have been paid their ransom, they will typically provide a decryptor key that unlocks the affected files. Unfortunately, even a good decryptor key is not guaranteed to restore all data because many files are irreparably damaged by the encryption process itself.
Once the ransomware has been contained, it is important to notify law enforcement. This is important because it can help to identify the perpetrators and assist with recovery. Organizations should work with their law enforcement partners to determine which systems have been impacted and to prioritize restoring the most critical systems first. This can include disconnecting and powering down affected systems if necessary.