BotNet News

Your source for Online Security News

Ransomware

Ransomware is a specific subset of malware that extorts money by blocking access to files and systems until a payment demand is met. It can have a range of impacts, including stealing sensitive data, damaging systems, creating botnets or simply causing disruption.

The cybercriminals behind ransomware attacks have several ways to extort victims. They may send messages claiming to be from law enforcement agencies, saying that child pornography or other illegal content has been found on a computer and demanding a penalty fee (Trend Micro Research 2022). Some variants are Trojans that notify the victim that unlicensed software is installed, while others require victims to pay in Bitcoin or other difficult-to-trace digital currencies.

In general, ransomware targets low-hanging fruit such as small and midsize businesses that do not have extensive security measures in place. These businesses are also less likely to have a dedicated IT team to resolve the incident and can suffer the most damage from business interruptions. Ransomware can also hit public services and utilities, as when a ransomware attack against Colonial Pipeline in April 2021 caused gas stations to stop service, leading to long queues and chaos (Paul 2021).

The key to mitigating ransomware threats is to prevent them. However, many organizations may be forced to respond to an infection by isolating affected devices, disconnecting them from the network and ensuring shared drives are locked to prevent further encryption. Then they must evaluate their backups and check whether decryptor tools are available. They must also be prepared to pay the demanded amount of money if the recovery process is unsuccessful.