BotNet News

In 2021, ransomware made the news when it hit Colonial Pipeline, Steamship Authority of Massachusetts, and JBS (the world’s largest meatpacker). Attacks like these result in the shutdown of critical infrastructure which can cause supply chain disruptions, reduced customer satisfaction, loss of revenue, financial damage from extortion demands, and reputational harm.

Despite the widespread press coverage, very little research has been done on the nature of ransomware attacks and the factors that incentivise their proliferation. As a result, the public perception of ransomware is misguided. While ransomware attacks may be damaging to businesses, economies and societies, actors’ rationale for continuing to develop and deploy this crimeware is simple. Ransomware simplifies the attacker value chain, commoditising data and selling access to it for a relatively low cost and risk to an actor’s digital criminal ecosystem.

Historically, ransomware targeted random users via malicious email attachments and demanded a small sum in return for decryption keys. But as the malware matured, organized gangs became involved in its distribution and development, paying experts on the dark web for skills and expertise, and improving the software to increase its success. Eventually, ransomware began to target large organizations and industries with more sophisticated encryption and attack methodologies.

The most effective way to protect against ransomware is to back up all your data and regularly verify backups. Additionally, train your employees to watch out for suspicious external links and questionable file attachments, and implement security awareness programs with regular training, drills and tests. If you do get a ransomware infection, keep current with the latest threat information and take advantage of free decryption tools that are often provided by tech companies to help victims. Also, have an incident response plan that includes a ransomware section to guide your teams and mitigate the impact.