What is Ransomware and How Does it Affect Your Organization?
Ransomware has been around since the late 1980s, but it didn’t really gain momentum until the 2000s, when the rise of Internet use and file sharing made it easier for cybercriminals to target a large number of systems. Early ransomware variants like AIDS Trojan, GPCode and Archievus were basic by today’s standards, but they set the stage for attackers to disrupt and extort victims on a large scale. Over the years, attackers have refined their tactics by enhancing propagation methods and encryption techniques and by adding features like data theft to their arsenal.
Ransomware typically targets specific files on an infected system and encrypts them with a key that is sent to the attacker’s command-and-control (C&C) server. Attackers then notify the victim on a lock screen or by email that they need to pay a specified amount in cryptocurrency, such as Bitcoin, to get their data back. Victims have reported varying degrees of success with decryption after paying the ransom, and it is not uncommon to encounter repeat attacks.
Most cybersecurity experts and law enforcement agencies strongly recommend against paying the ransom. In fact, the U.S. Treasury has warned of sanctions against individuals who accept payments to ransomware attackers. Ideally, organizations should have an incident response plan in place that includes steps such as isolating the infected parts of the system, powering down those components and notifying local law enforcement. Some of these plans also include involving third-party security firms that have experience in ransomware mitigation and negotiations.