The Economic Impact of Ransomware
Ransomware is malware that encrypts your files and demands payment in exchange for the keys to unlock them. The cost of restoring the data is typically several thousand dollars, or even millions for larger organisations. Some attackers threaten double extortion if you don’t pay right away, increasing the risk that you will face repeat attacks.
Until recently, ransomware attacks were limited in scope and sophistication. Attackers infected individual users via phishing emails with malicious attachments, or stole or guessed their credentials and gained remote access to their computers through services such as the Remote Desktop Protocol (RDP). Once inside the network, they would encrypt your data, display a message to you, and demand payment in return for decryption keys.
As the threat matured, organised gangs entered the arena, advertising on illicit marketplaces for talent and outsourcing functions to freelancers. These developments increased the number and quality of attacks, while also reducing the time required to develop malware and evade anti-malware scanners.
The use of zero-day vulnerabilities—vulnerabilities that are either unknown to the security community or have been identified but not yet patched—has become a significant problem, as demonstrated by the 2017 WannaCry attack.
Despite efforts by law enforcement agencies and cybersecurity companies to disrupt the supply chain of ransomware, threats continue to rise. As of 2024, the most targeted sectors include software development, healthcare, and industrial facilities, according to IBM’s X-Force Threat Intelligence Index. As a result, it is necessary to consider the wider context of these attacks, beyond the narrow view of technical exploits and countermeasures. This requires engaging the domains of economics and criminology, in order to show how the incentive model of bad actors can be changed so that attacks are no longer in their financial interest.