Ransomware – A Pernicious Threat That Continues to Evolve and Grow
Ransomware is a pernicious threat that continues to evolve and grow. As a cyberattack that simplifies the typical attacker value chain, it exploits vulnerabilities that are abundantly available in software and computing systems; offers attack building blocks for parties with a wide range of technical skills; and sells access to a victim’s data — essentially ‘data as a service’ — to actors that are financially motivated to generate revenue through criminal activities.
As a result, attackers can deploy a ransomware attack with relatively few resources and achieve substantial financial returns on their investment in the crime. Ransomware attacks are almost exclusively motivated by financial gain. Thus, reducing the financial benefits to criminal actors through societal and legal pressure could significantly reduce the frequency of ransomware crimes.
Attackers typically launch ransomware attacks first against low-hanging fruit such as small and midsize businesses (SMBs), because these are less likely to have comprehensive security measures in place and may not have an internal cybersecurity team that understands the implications of a ransomware attack. Larger organisations with large storage volumes of marketing collateral and applications are also targeted because they have the potential to generate more revenue for the attackers.
In addition to implementing preventative measures, such as strong passwords, limiting administrator privileges, running antimalware and antivirus software on all devices, and enabling firewall protections, companies should consider using a dedicated threat intelligence platform that can quickly detect ransomware activity, identify the affected network assets and encrypt file hashes, IP addresses and domain names associated with the malware. These platforms should also provide forensic capabilities, such as decrypting data backups and identifying the source of the ransomware attack.