How Ransomware Attacks Can Devastate Organizations
Ransomware attacks can have devastating impacts on organizations, from the initial disruption to the extended recovery period. These incidents can cause financial, operational and reputational loss. Organizations should prepare by developing and implementing an incident response plan that addresses mitigation and remediation strategies. This includes keeping backups of key line-of-business applications and regularly testing the restore process to ensure those applications can be recovered.
Ransomware is a type of malware that infiltrates computers and systems and encrypts files, making them unusable until the victim pays a ransom. It uses several techniques to gain access: compromised credentials, remote desktop software vulnerabilities, phishing, malicious websites and malvertising.
Once ransomware infiltrates a network, it scans available local and network storage systems for files whose extensions are targeted for encryption, which may be asymmetric or symmetric. It then encrypts those files, preventing users from accessing them without the decryption key. Attackers typically demand payment in an untraceable cryptocurrency like Bitcoin to avoid being caught.
In recent years, ransomware incidents targeting critical infrastructure have soared. High-profile victims include Colonial Pipeline, JBS USA and Kaseya Limited. Attacks on healthcare organizations have also risen sharply, including the 2024 attack against Change Healthcare that caused widespread disruption to pharmacies and hospitals across the United States.
While it may be tempting to pay the ransom, experts and federal law enforcement agencies advise against it. Paying a ransom encourages more attacks and does not guarantee the return of encrypted data. Instead, IT professionals should follow best practices such as isolating infected machines and powering down systems to limit the spread of the ransomware, creating backups, and contacting the FBI for help with available decryptors and investigations.