Ransomware and SMBs
Ransomware is a type of malware that infects a computer or network and encrypts the victim’s files. The attacker then demands a payment in exchange for the decryption key. These payments typically must be made in cryptocurrencies such as bitcoin because they are harder to trace. Alternatively, the attacker may threaten to double the ransom or publicly post the list of victims, which further pressures businesses to pay.
Attackers gain access to a target system through phishing, vulnerability exploitation or compromise of remote access protocols such as RDP. Once inside, they scan for further targets and gather intelligence on the systems and domains they can currently reach. They also focus on identifying valuable data and exfiltrating (stealing) it for their own use. During this phase, the attackers might also target external systems or domains to increase their revenue potential.
Crypto ransomware first appeared in late 2016 and was credited with kickstarting the modern ransomware epidemic. This type of ransomware identifies and encrypts files, typically using a strong encryption algorithm. It also encrypts data on cloud storage and local backups to make it more difficult for victims to recover their files without paying the demanded ransom. Some crypto ransomware variants also disable system restore features and delete backup and shadow copies on the affected device or network, further increasing pressure to pay.
Cyber criminals tend to target small and midsize businesses (SMBs) because they often have less sophisticated security measures in place than larger organizations. They also can’t afford to invest in the expensive IT hardware and software required to recover from a significant ransomware attack. Beyond the direct loss to extortion, the business disruption costs SMBs money in incident response, digital forensics, and legal and PR counsel, and the incident itself can damage the company’s reputation.