BotNet News

Ransomware

Ransomware is malware that encrypts files on infected machines and demands payment of a ransom to unlock the data. It can be spread via phishing attacks, malware downloads from malicious websites, remote desktop protocol (RDP) vulnerabilities and more. Once ransomware has infiltrated a network, it can spread quickly and wreak havoc through unauthorized lateral movement, encrypting each machine in its path. The malware also tries to evade detection by disabling Windows Defender and other anti-virus solutions.

Hackers are exploiting security weaknesses to steal and hold data hostage, extorting millions of dollars in ransom payments. This “Big Game Hunting” behavior is on the rise and doesn’t seem to be slowing down. Recent high-profile victims include Colonial Pipeline, JBS Foods and hospitals in the US and abroad.

Cyberattackers can spread ransomware through phishing emails with booby-trapped links or attachments, or by exploiting software vulnerabilities or RDP connections. Once a machine is infected, it may begin encrypting all data on the system or only specific directories, depending on the attack.

Organizations can minimize the impact of ransomware with a robust incident response plan that includes granular reporting and analysis to identify infected machines, disconnecting them from the network, and locking shared drives to prevent spread. They should restore encrypted files from backup and contact federal law enforcement to determine which strain they have been hit with, whether a decryptor tool is available, and whether paying the ransom is a viable option. Paying a ransom to attackers in countries under economic sanctions violates US Office of Foreign Assets Control regulations and can lead to fines or criminal charges.
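Two points above, the malware disabling Windows Defender and the response plan's need to identify affected machines, call for a per-host check. The following PowerShell script is an added example, not code from BotNet News; it uses the built-in Defender cmdlets and the Defender Operational event log, and the function name and report fields are this example's own choices.

```powershell
# Added example (not from the article): report whether Windows Defender on this
# host shows signs of having been switched off, which is the tampering behaviour
# ransomware is described as using. Run as an administrator.
function Get-DefenderTamperReport {
    [CmdletBinding()]
    param(
        # How far back to look for "protection disabled" events.
        [int]$LookbackHours = 24
    )

    $status = Get-MpComputerStatus   # live engine state
    $pref   = Get-MpPreference       # configured policy, e.g. real-time monitoring off

    # Defender Operational log event IDs that record protection being turned off:
    # 5001 = real-time protection disabled, 5010 = scanning for malware disabled.
    $since  = (Get-Date).AddHours(-$LookbackHours)
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 5001, 5010
        StartTime = $since
    } -ErrorAction SilentlyContinue   # no matching events is not an error here

    # Measure-Object handles $null correctly; @($null).Count would report 1.
    $disableEvents  = ($events | Measure-Object).Count
    $exclusionCount = ($pref.ExclusionPath | Measure-Object).Count

    $suspicious = (-not $status.RealTimeProtectionEnabled) -or
                  $pref.DisableRealtimeMonitoring -or
                  ($disableEvents -gt 0)

    [PSCustomObject]@{
        ComputerName            = $env:COMPUTERNAME
        AntivirusEnabled        = $status.AntivirusEnabled
        RealTimeProtection      = $status.RealTimeProtectionEnabled
        TamperProtection        = $status.IsTamperProtected
        RealtimeDisabledByPref  = $pref.DisableRealtimeMonitoring
        ExclusionPathCount      = $exclusionCount
        SignatureAgeDays        = $status.AntivirusSignatureAge
        DisableEventsInWindow   = $disableEvents
        Suspicious              = $suspicious
    }
}

# Usage: a single host, or many via remoting to build the "which machines" list.
Get-DefenderTamperReport | Format-List
# Invoke-Command -ComputerName (Get-Content .\hosts.txt) -ScriptBlock ${function:Get-DefenderTamperReport}
```

A host reporting Suspicious = True is a candidate for isolation and deeper triage; a count of exclusion paths that is unexpectedly high is worth reviewing as well, since exclusions are another way protection gets silently narrowed.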