BotNet News

Ransomware is malware that secretly infects a computer or network, and then encrypts files to deny access. After encrypting the files, the attackers display a message demanding payment to return access. The attackers also may delete backup and shadow copies of the encrypted files to make recovery more difficult.

While anyone can be the victim of a ransomware attack, cyber criminals target certain organisations that have more incentive to pay quickly such as hospitals and their associated data systems. These groups also are more likely to have the resources to quickly recover from an attack. In some cases, attackers will even double the extortion fee if victims decline to pay right away, further motivating them to quickly recover from an attack.

At-home workers are a primary target for ransomware attacks because many don’t have enterprise cybersecurity protection and often comelead personal devices with work devices. Additionally, a growing number of organisations support remote work, and at-home employees can easily access corporate networks.

Using malvertising to infect computers, ransomware can spread to networks, where it can find critical file locations and infect all connected machines. Once an organisation is infected with ransomware, it’s essential to disconnect all affected systems by disabling network access or powering them down. This is an important step because the threat could use backdoors to re-infect the environment.

Once the attack is contained, an expert should perform eradication to ensure that the threat is completely eliminated from the environment. This includes assessing the impact on operations and prioritizing the restoration of systems based on productivity and revenue impact.