BotNet News

Ransomware is malware that locks a victim’s computer or device and demands payment for unlocking the data. In the past, it was often used as a tool for extortion and petty crime by small groups of criminals, who targeted individuals with opportunistic attacks using email attachments, often involving photos and documents. Later, organised gangs entered the scene and made ransomware more effective, by targeting businesses and by improving the malware to avoid detection by anti-malware scanners. A notable example is the NotPetya attack that cost Danish shipping and logistics giant A.P. Moller-Maersk around $300 million.

Ransomware variants continue to evolve. Some, such as Ryuk in 2018, target specific high-value targets and encrypt network drives and resources, and disable Windows System Restore functionality. Others, such as Cerber, are distributed by cybercriminals through Ransomware-as-a-Service (RaaS) arrangements. Some attackers also tamper with backup files or delete them, making recovery without a decryption key more difficult.

Even if you pay the ransom, it’s important to remember that you’re funding criminal activity. The creators of ransomware aren’t in the file recovery business, they’re in the moneymaking business. And there’s no guarantee that you’ll get a decryptor key that works. It’s not unheard of for the encryption process itself to corrupt the data beyond repair.

For many organisations, a ransomware attack can be disastrous and have long-lasting financial impacts. This includes lost revenue, remediation costs, legal fees and damage to reputation. It can also cause business interruption, impact customer trust and expose the organisation to potential regulatory investigations.