BotNet News

Your source for Online Security News

Despite its relatively recent introduction to the threat landscape, ransomware has become one of the most pernicious forms of cyberattack. The malware encrypts data and then presents the victim with an on-screen message that demands payment in exchange for the keys to unlock the data. The amount of money demanded – known as the ransom – can range from a few hundred dollars to a few million. If you don’t pay right away, the attacker often threatens to publish a list of companies that refused to pay the ransom. This is called double extortion and is meant to further motivate victims to pay.

Ransomware is commonly delivered through phishing emails and social engineering techniques that infect a device or system. Attackers can then use stolen credentials to spread the malware across a network. Once the attacker gains a foothold, they look for opportunities to encrypt critical files or systems. In many cases, the attacker will also look for backup data and encrypt or delete it. This can have a significant impact on your business and can be particularly damaging to your brand.

When dealing with a ransomware attack, you should follow Microsoft Incident Response guidance to assess the incident and determine how to proceed. Beware of decryptors that are offered on the dark web. Threat actors are not in the file recovery business; they’re in the money-making business. Even a decryptor that is able to unlock your files may be unable to restore them completely due to corruption from the encryption process. This is why you must have backups of all digital data that are stored separately from your centralized network and are regularly verified using a restoration exercise.