BotNet News

Your source for Online Security News

Ransomware is a type of malware that encrypts files or data so you can’t access them. It typically demands payment in cryptocurrency (Bitcoin is a popular choice) to unlock the affected devices or data. Cybercriminals have used this tactic for decades to extort money from average users and businesses.

Ransom attacks are becoming more sophisticated, with a focus on big targets with deep pockets. These large-scale cyber attack playbooks typically involve human actors who use knowledge of common system and security misconfigurations to target a business’s most valuable assets, halt productivity, and steal credentials that could be exploited to gain further access to the corporate network.

Often, the attack is designed to take down the entire organization’s systems. The resulting disruption in production, lost data and revenue can be devastating. It is important to develop cyber attack playbooks to prepare for these types of incidents and to have incident response plans that enable smart decisions and quick action.

Some of the most prominent ransomware variants include SimpleLocker, which scanned SD cards to encrypt images and documents; CTB-Locker, which accessed victims’ cameras to collect device numbers and model numbers; TeslaCrypt, which encrypted files up to 268 MB and used Tor to hide from detection; and Maze, which used double extortion by stealing sensitive data and threatening to publish a victim’s personally identifiable information in a doxing attack.

Other threats to keep an eye out for are BlackCat, ransomware written in the Rust programming language to evade detection; Jigsaw, which uses a combination of asymmetric and symmetric encryption; and Cerber, which uses a “zombie” program to delete a victim’s files after one hour. These attacks are typically carried out by Russian-speaking cybercrime syndicates based in former Soviet states and beyond the reach of U.S. law enforcement.