BotNet News

Your source for Online Security News

Ransomware is malware that encrypts data on infected computers, file shares or network devices. Once encrypted, victims are presented with a message on the infected computer that demands payment in cryptocurrency to decrypt the data.

Typically, ransomware infections start with an unsuspecting user clicking on a malicious email attachment or compromised URL. The malware is then downloaded and installed on the victim’s device, where it can spread to other connected devices or network file shares through a process called lateral movement.

Attackers often try to gain a foothold on the target system by brute force or by exploiting known vulnerabilities in operating systems and applications. Once inside, they usually focus on identifying and exfiltrating valuable data (login credentials, customer personal information, intellectual property) for double extortion or for sale on the Dark Web. As ransomware evolved, cybercriminal gangs began to specialize in this type of crimeware and honed their attacks to improve their chances of success.

A notable high-profile example was the ransomware attack against the Colonial Pipeline in May 2021. The attack caused the shutdown of the pipeline, which supplies 45% of the East Coast’s fuel. The attackers demanded a ransom of USD 1 million.

Ransomware attacks can cause significant financial losses: lost productivity, the cost of remediating the infection, the ransom payment, and revenue lost when service is disrupted or operations are shut down. A well-planned and executed incident response plan, based on the National Institute of Standards and Technology (NIST) Incident Response Life Cycle, can help organizations limit the impact of an infection and prevent future incidents.