BotNet News

Your source for Online Security News

A ransomware attack can shut down critical systems and disrupt the delivery of essential services. Organizations can also incur substantial financial losses due to lost revenue, forensic analysis, recovery costs and remediation time.

Ransomware’s earliest iterations demanded ransom payments in exchange for decrypting an infected device. As the malware evolved, threat actors discovered they could make more money by targeting businesses. Ransomware variants now encrypt victims’ files using symmetric or asymmetric encryption, generating public-private key pairs so that the decryption key stays with the attacker. Cybercriminals often demand payment in cryptocurrency, mainly Bitcoin, to avoid detection.

Some attackers employ a strategy known as spray attacks, in which they target as many devices and victims as possible. These attacks rely on social engineering and phishing campaigns to distribute the malware. Others leverage RaaS (ransomware as a service), in which third-party criminal groups obtain illegal access to private networks and sell it to ransomware operators, who then launch targeted attacks.

Newer threats include ransomware with worm capabilities, which can locate and disable backup files and system restore functionality. A strain known as Ryuk is capable of destroying hard drives and can even delete a victim’s operating system, preventing it from restarting.

Other attackers use extortion tactics, such as threatening to publicly release sensitive data if victims don’t pay a ransom. The criminal group Lapsus$, for example, claims to have broken into high-profile targets including Nvidia, Samsung and Ubisoft. This type of ransomware is sometimes referred to as leakware or doxware. Attackers can also exploit vulnerabilities to inject their malicious code into vulnerable systems, as WannaCry did through the EternalBlue exploit.