BotNet News

Your source for Online Security News

Ransomware is malware that encrypts files and folders on the victim’s system, blocking access until a ransom is paid. The ransom, typically paid in hard-to-trace cryptocurrencies, can range from a few hundred dollars to millions of dollars. Regardless of the size, victims experience financial losses as they spend time remediating the attack and lose revenue while the network is down. Additional side effects include brand damage and possible litigation.

A ransomware attack usually starts with employees clicking on what looks like an innocent attachment, which gives the attackers access to the targeted organization’s system. From there, attackers work to gain access to other systems and domains, a process known as lateral movement, and exfiltrate (steal) valuable data. This data could include login credentials, customer or employee personal information or intellectual property.

After exfiltration, attackers begin to encrypt the victim’s files and folders, making them inaccessible. Infections can be triggered by many methods, including phishing emails and malware downloaded from compromised websites. Once a victim’s files are encrypted, they can only be decrypted with the key provided by the cybercriminal.

Hacking gangs make millions of dollars by holding networks hostage and demanding a ransom to unlock them. They do so because it’s a profitable business model that takes advantage of the digital dependencies of businesses, hospitals and governments.