BotNet News

Your source for Online Security News

Ransomware has become one of the most pervasive cyber threats in our tech-centric society. From a single ransomware attack known as CryptoLocker, which first appeared in September 2013, to high-profile attacks that have caused major disruptions, such as the Colonial Pipeline hack that temporarily sent U.S. gas prices skyrocketing and the record $40 million ransom payout by CNA Financial, the threat has evolved into a significant reason why organizations must develop and monitor comprehensive cybersecurity strategies.

Typically, ransomware is introduced to a system by phishing emails or social engineering tactics that trick a user into clicking a malicious link. Once a device or system is infected, the malware can then search local and network storage systems for specific file extensions that may be valuable to the attacker and encrypt them using asymmetric or symmetric encryption methods. Depending on the variant, the malware may also delete backups and shadow copies of the files to make recovery more difficult without the decryption key. After encrypting the files, the attacker will leave a note that instructs victims on how to pay the demanded ransom, usually in cryptocurrency like Bitcoin.
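The behaviours described above (backup and shadow copy deletion, bulk file encryption, and a dropped ransom note) can be correlated per process for detection. The following is an added example, not code from this site; the event schema, thresholds, and sample events are constructed assumptions, while the matched commands are standard Windows tools.

```python
import re
from collections import defaultdict

# Standard Windows commands used to remove shadow copies or backup catalogs.
BACKUP_TAMPER = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|wbadmin(\.exe)?\s+delete\s+catalog", re.IGNORECASE)
NOTE_NAME = re.compile(r"(readme|recover|decrypt|restore).*\.(txt|html?|hta)$", re.IGNORECASE)
RENAME_BURST, WINDOW = 20, 60  # assumed: 20 same-extension renames within 60 seconds

def detect(events):
    """Return {pid: set(signals)} for processes showing the behaviours in the text."""
    signals, renames = defaultdict(set), defaultdict(list)
    for ev in events:
        if ev["type"] == "process" and BACKUP_TAMPER.search(ev["cmdline"]):
            # Attribute the spawned tool to its parent, the process under suspicion.
            signals[ev["ppid"]].add("backup_tamper")
        elif ev["type"] == "file_create":
            if NOTE_NAME.search(ev["path"].rsplit("\\", 1)[-1]):
                signals[ev["pid"]].add("ransom_note")
        elif ev["type"] == "file_rename":
            ext = ev["new_path"].rsplit(".", 1)[-1].lower()
            renames[ev["pid"]].append((ev["ts"], ext))
    for pid, items in renames.items():
        items.sort()
        lo = 0
        for hi in range(len(items)):          # sliding time window over renames
            while items[hi][0] - items[lo][0] > WINDOW:
                lo += 1
            window = items[lo:hi + 1]
            if len(window) >= RENAME_BURST and len({e for _, e in window}) == 1:
                signals[pid].add("mass_rename")
                break
    return dict(signals)

def high_confidence(events):
    """PIDs with two or more distinct signals; a single signal is often benign."""
    return sorted(p for p, s in detect(events).items() if len(s) >= 2)

def sample_events():
    """Constructed events: pid 700 behaves like ransomware, pid 300 is a backup job."""
    ev = [{"type": "process", "ts": 5, "pid": 901, "ppid": 700,
           "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"}]
    ev += [{"type": "file_rename", "ts": 10 + i, "pid": 700,
            "new_path": f"C:\\Users\\a\\Documents\\report{i}.docx.locked"} for i in range(25)]
    ev.append({"type": "file_create", "ts": 40, "pid": 700,
               "path": "C:\\Users\\a\\Desktop\\README_RESTORE.txt"})
    ev += [{"type": "file_rename", "ts": 10 + i, "pid": 300,
            "new_path": f"D:\\bak\\f{i}.bak"} for i in range(5)]
    return ev
```

Requiring two distinct signals before alerting keeps legitimate backup rotation or an administrator's one-off `vssadmin` use from paging on its own.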

Attackers typically target sectors where disruptions can yield quick financial gains. Education is the most impacted sector, with healthcare and manufacturing following closely behind. These sectors often feature lax cybersecurity measures that allow bad actors to quickly exploit them.

However, attackers are also deploying ransomware attacks that essentially “wipe” systems and data. This escalation is an attempt to make it even more difficult for victims to recover from these types of attacks without paying the ransom. This is particularly concerning as attacks leveraging wipers continue to grow, further illustrating the need for robust, proactive security postures across organizations.