Preventing Ransomware From Infecting Your Network
Ransomware is malware that encrypts data files and then displays a notification demanding payment to decrypt them. The attack usually starts with a phishing campaign or with compromised credentials used to log into enterprise systems. The malicious actors then encrypt certain types of files (avoiding those essential to system operation) and present a ransom demand.
After the initial attack, attackers typically add countdown timers and infection routines that allow the malware to spread more rapidly across networks and servers. Threat actors also continue to experiment with features that raise the stakes for victims, such as alternative payment platforms, ransom amounts that increase over time, or even threats to cause potentially catastrophic damage.
Cyberattacks are costly for organizations, not just in terms of paying a ransom but also because of lost business and indirect costs such as remediation, forensics and potential legal fees. To mitigate the impact of an attack, decision-makers should have plans in place that include developing incident response playbooks. These plans should address how to handle an attack, from a breach of sensitive data to a ransomware attack.
Protect against ransomware attacks by using a network security platform that offers multi-layered threat prevention, including firewalls, web application firewalls, intrusion prevention and detection systems (IPS/IDS) and deception-based detection. These tools can identify read/write behaviors associated with ransomware encryption and block infected users and endpoints from accessing data, while allowing unaffected users full data access.
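The read/write behavior check described above can be sketched as follows. This is an added example, not code from any product the article refers to: it flags a user who reads files and then overwrites them with high-entropy data at a high rate, and leaves other users untouched. The event format, user names, paths and all three thresholds are assumptions, and the audit events are constructed.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

WINDOW_SECONDS = 60   # assumed sliding window
MAX_REWRITES = 5      # assumed number of suspicious rewrites tolerated per window
ENTROPY_BITS = 7.0    # assumed cut-off; encrypted output approaches 8 bits/byte

def shannon_entropy(data):
    """Bits per byte: ordinary documents score low, ciphertext scores near 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_blocked_users(events):
    """events: (ts, user, op, path, payload) tuples sorted by ts.
    Returns users who read files and overwrote them with high-entropy data too fast."""
    seen_reads = defaultdict(set)   # user -> paths that user has read
    hits = defaultdict(deque)       # user -> timestamps of suspicious rewrites
    blocked = set()
    for ts, user, op, path, payload in events:
        if op == "read":
            seen_reads[user].add(path)
        elif op == "write" and path in seen_reads[user] and shannon_entropy(payload) >= ENTROPY_BITS:
            q = hits[user]
            q.append(ts)
            while ts - q[0] > WINDOW_SECONDS:   # drop rewrites older than the window
                q.popleft()
            if len(q) >= MAX_REWRITES:
                blocked.add(user)
    return blocked

def pseudo_ciphertext(seed, size=4096):
    """Constructed, deterministic stand-in for encrypted file content."""
    return b"".join(hashlib.sha256(f"{seed}-{i}".encode()).digest() for i in range(size // 32))

def sample_events():
    """Constructed audit trail: alice edits text files, bob's session rewrites files as ciphertext."""
    text = b"Quarterly report draft, revision notes and figures.\n" * 80
    events = []
    for i in range(8):
        events.append((2 * i, "bob", "read", f"/share/finance/doc{i}.docx", b""))
        events.append((2 * i + 1, "bob", "write", f"/share/finance/doc{i}.docx", pseudo_ciphertext(i)))
        events.append((2 * i, "alice", "read", f"/share/hr/note{i}.txt", b""))
        events.append((2 * i + 1, "alice", "write", f"/share/hr/note{i}.txt", text))
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    print(find_blocked_users(sample_events()))
```

Compression and backup jobs also write high-entropy data, so the thresholds need tuning and known service accounts need an allow-list before a rule like this is used to block access.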