BotNet News

Your source for Online Security News

Ransomware is malware that locks or encrypts your electronic files and withholds access to them until you pay a ransom. In most cases you can recover the files without paying if you already follow cyber security best practices, above all keeping regularly tested backups that the attacker cannot reach from a compromised account.

During an attack, the attackers gain a foothold on your network through vectors such as social engineering, phishing emails and malicious file attachments, or by exploiting vulnerabilities in exposed systems. Once inside, they move laterally to connected drives and machines. If they compromise privileged credentials or seize a domain controller, they can freeze services across the network and encrypt or delete your backups along with everything else, which is why backups must be kept offline or otherwise out of reach of domain credentials.

Once the ransomware has encrypted your files, the attackers leave a ransom note describing how to pay, usually in cryptocurrency or another payment method that is hard to trace, in exchange for a decryption key. Paying does not guarantee a working key. Some attackers have gotten more creative over the years, including demanding payment in Apple iTunes gift cards, which make the criminals harder to trace.
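The two behaviours described above, a burst of file renames to an unusual extension spreading across network shares and the ransom note dropped afterwards, are what a file-server audit log shows during the encryption phase. The following detector is an added example written for this page, not code from the site or any vendor; the log format, the extension list, the ransom-note filename pattern and the 60-second/10-rename threshold are all assumptions, and the log lines are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed file-server audit events (invented for this example, not real logs).
# Format: <ISO timestamp> <user> <host> <action> <path> [<new path, RENAME only>]
# Paths contain no spaces, so whitespace splitting is safe here.
SAMPLE_LOG = r"""
2024-05-01T09:00:01 alice WS01 WRITE \\FS01\finance\q1.xlsx
2024-05-01T09:00:07 alice WS01 RENAME \\FS01\finance\draft.docx \\FS01\finance\draft-v2.docx
2024-05-01T09:05:30 alice WS01 RENAME \\FS01\finance\notes.txt \\FS01\finance\notes.bak
2024-05-01T09:10:00 bob WS07 RENAME \\FS01\hr\old.doc \\FS01\hr\old.doc.locked
2024-05-01T09:14:02 bob WS07 RENAME \\FS01\hr\a.docx \\FS01\hr\a.docx.locked
2024-05-01T09:14:03 bob WS07 RENAME \\FS01\hr\b.docx \\FS01\hr\b.docx.locked
2024-05-01T09:14:03 bob WS07 RENAME \\FS01\hr\c.xlsx \\FS01\hr\c.xlsx.locked
2024-05-01T09:14:04 bob WS07 RENAME \\FS01\hr\d.pdf \\FS01\hr\d.pdf.locked
2024-05-01T09:14:05 bob WS07 RENAME \\FS01\hr\e.pptx \\FS01\hr\e.pptx.locked
2024-05-01T09:14:09 bob WS07 RENAME \\FS02\backups\mon.vbk \\FS02\backups\mon.vbk.locked
2024-05-01T09:14:10 bob WS07 RENAME \\FS02\backups\tue.vbk \\FS02\backups\tue.vbk.locked
2024-05-01T09:14:10 bob WS07 RENAME \\FS02\backups\wed.vbk \\FS02\backups\wed.vbk.locked
2024-05-01T09:14:11 bob WS07 RENAME \\FS02\backups\thu.vbk \\FS02\backups\thu.vbk.locked
2024-05-01T09:14:12 bob WS07 RENAME \\FS02\backups\fri.vbk \\FS02\backups\fri.vbk.locked
2024-05-01T09:14:15 bob WS07 WRITE \\FS02\backups\HOW_TO_DECRYPT.txt
"""

# Assumed list of extensions appended by encrypting malware; tune to your telemetry.
SUSPICIOUS_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".enc"}
# Assumed ransom-note naming pattern (keyword plus a text/HTML-style extension).
RANSOM_NOTE_RE = re.compile(r"(DECRYPT|RECOVER|RESTORE).*\.(txt|html|hta)$", re.IGNORECASE)

WINDOW = timedelta(seconds=60)   # sliding window per user
RENAME_THRESHOLD = 10            # suspicious renames inside the window that trigger an alert


def parse_event(line):
    """Parse one audit line into a dict, or return None for blank/malformed lines."""
    parts = line.split()
    if len(parts) < 5:
        return None
    ev = {"ts": datetime.fromisoformat(parts[0]), "user": parts[1],
          "host": parts[2], "action": parts[3], "path": parts[4]}
    if ev["action"] == "RENAME":
        if len(parts) < 6:
            return None
        ev["new_path"] = parts[5]
    return ev


def extension(path):
    """Lower-cased final extension of a UNC path ('' if the name has none)."""
    name = path.rsplit("\\", 1)[-1]
    dot = name.rfind(".")
    return name[dot:].lower() if dot > 0 else ""


def share_of(path):
    r"""Reduce \\server\share\dir\file to \\server\share so spread across shares is visible."""
    parts = path.split("\\")
    return "\\".join(parts[:4]) if len(parts) >= 4 else path


def detect(log_text):
    """Return alerts: one 'mass_rename' per user whose suspicious renames exceed the
    threshold within WINDOW, plus one 'ransom_note' per matching file write."""
    alerts = []
    recent = defaultdict(deque)   # user -> deque of (timestamp, share) for suspicious renames
    fired = set()                 # users already reported, to avoid repeating the alert
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        user = ev["user"]
        if ev["action"] == "WRITE" and RANSOM_NOTE_RE.search(ev["path"].rsplit("\\", 1)[-1]):
            alerts.append({"type": "ransom_note", "user": user, "host": ev["host"],
                           "path": ev["path"], "ts": ev["ts"]})
            continue
        if ev["action"] != "RENAME":
            continue
        old_ext, new_ext = extension(ev["path"]), extension(ev["new_path"])
        if new_ext == old_ext or new_ext not in SUSPICIOUS_EXTENSIONS:
            continue
        q = recent[user]
        q.append((ev["ts"], share_of(ev["new_path"])))
        while q and ev["ts"] - q[0][0] > WINDOW:   # drop renames older than the window
            q.popleft()
        if len(q) >= RENAME_THRESHOLD and user not in fired:
            fired.add(user)
            alerts.append({"type": "mass_rename", "user": user, "host": ev["host"],
                           "count": len(q), "shares": sorted({s for _, s in q}),
                           "first": q[0][0], "last": ev["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Run against the constructed log, the detector ignores alice's ordinary renames, expires bob's lone early rename out of the window, and raises one mass-rename alert for bob spanning both the HR share and the backup share, followed by a ransom-note alert for HOW_TO_DECRYPT.txt. The backup share appearing in the alert is the signal to act on first: a domain account renaming files under a backup path is exactly the scenario the article describes, and the alert is only useful if a copy of those backups exists that the same account cannot touch.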

As the ransomware threat has matured, organized gangs have entered the field and professionalized their operations, targeting high-value sectors and deploying stronger encryption and more evasive delivery. CryptoLocker, which first appeared in September 2013, is widely credited with kick-starting the modern ransomware era. Later, Defray777 and other variants became more sophisticated and better able to avoid detection by antivirus software.

Several groups are launching attacks on critical infrastructure, particularly industrial manufacturing, financial services and healthcare. A single attack can disrupt an entire health system, causing thousands of cancelled appointments and surges in emergency room traffic, and has been linked to patient deaths. Protecting healthcare from ransomware is a whole-of-society responsibility that requires collaboration among clinical leadership, emergency management, legal counsel, operational staff and community partners.