Ransomware – The Fastest-Growing Cyber Threat
Ransomware, malware that encrypts files and locks victims out of their data unless they pay a fee to the attackers, is one of the fastest-growing cyber threats. This threat has impacted businesses of all sizes and even critical infrastructure, as recent attacks on Colonial Pipeline, JBS Foods and others demonstrate.
Criminal gangs typically use ransomware to extort money and threaten to publish the victims’ confidential information on public websites, further driving up their demands. The average ransom amount paid by victims is over $9K, although payments dropped to less than $1M in 2024 mainly due to nonpayment and law enforcement action against the perpetrators.
Once the malicious software encrypts files, it displays a message to the victim, demanding payment in exchange for the keys needed to unlock the data. The ransom is usually paid in hard-to-trace digital currencies such as bitcoin and often includes a threat to delete the original data, which makes recovery without paying the ransom difficult. In addition, many criminals use “double extortion” by threatening to publish the list of those who refused to pay.
The most effective defense against ransomware involves educating employees, running anti-malware on all devices and making sure backups are available. A strong cyber risk management program also includes monitoring all incoming and outgoing traffic, establishing baselines of normal behavior and deploying tools that detect anomalies. Once a system has been compromised, it’s important to disconnect the system from the network and power down the endpoints as quickly as possible. Then, a trusted security expert must perform eradication to ensure that all remnants of the attack are removed and that any backdoors have been eliminated.
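The baseline-and-anomaly idea above can be sketched for file activity on a single host. This is an added example, not part of the original article; the function names, the thresholds and the sample data are assumptions constructed for illustration. It flags a minute only when the write volume is far above the host's baseline and the written content has the near-random byte distribution typical of encrypted output.

```python
import hashlib
import math
import statistics
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted data, much lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def build_baseline(counts):
    """Robust baseline (median, MAD) of files modified per minute on one host."""
    med = statistics.median(counts)
    mad = statistics.median(abs(c - med) for c in counts)
    return med, max(mad, 1.0)  # floor the MAD so a flat baseline cannot divide by zero

def is_anomalous(count, entropy, baseline, z_limit=6.0, entropy_limit=7.5):
    """True when volume is far above baseline AND the content looks encrypted."""
    med, mad = baseline
    robust_z = 0.6745 * (count - med) / mad  # MAD-based z-score
    return robust_z > z_limit and entropy >= entropy_limit

# Constructed sample data (assumptions, not real telemetry).
BASELINE_COUNTS = [3, 5, 4, 6, 2, 5, 4, 3, 7, 4]  # files modified per minute
TEXT_WRITE = b"quarterly report draft, revision 3\n" * 200
# Deterministic pseudo-random bytes standing in for ciphertext.
ENCRYPTED_WRITE = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256)
)

def demo():
    baseline = build_baseline(BASELINE_COUNTS)
    events = [
        ("normal edit", 5, TEXT_WRITE),
        ("bulk copy of documents", 400, TEXT_WRITE),
        ("mass rewrite with encrypted content", 400, ENCRYPTED_WRITE),
    ]
    return {name: is_anomalous(count, shannon_entropy(data), baseline)
            for name, count, data in events}

if __name__ == "__main__":
    for name, flagged in demo().items():
        print(f"{name}: {'ALERT' if flagged else 'ok'}")
```

Compression and backup tools also write high-entropy data, so thresholds like these need tuning against each host's normal workload before they drive alerts.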