BotNet News

Your source for Online Security News

Ransomware is a malware variant that locks or encrypts files on a computer system or network. It is typically distributed by email attachments, downloaded from malicious websites through malvertisements, or dropped by exploit kits onto systems with vulnerable software. Once deployed, the ransomware encrypts critical files on the victim’s computer or connected file shares. It then displays a message on the infected device demanding payment in a cryptocurrency (such as Bitcoin) to unlock the encrypted files.

While ransomware attacks initially focused on consumers, organized gangs entered the market as the crime became more profitable. This led to a significant improvement in the quality of encrypting ransomware. In addition to encrypting more files and demanding larger payments, the criminals behind these threats also improved their ability to attack organizations with more targeted campaigns.

Paying the ransom may seem like the best option when facing critical data loss, but the recommendation is to avoid doing so. Paying the criminals only encourages them, and it does not guarantee that the attackers will decrypt the files after receiving payment. Furthermore, it is not uncommon for the encryption process itself to corrupt some of the files beyond recovery, even when the decryption key is provided.

The most effective way to deal with a ransomware attack is to deploy and execute an incident response plan modeled after the National Institute of Standards and Technology (NIST) Incident Response Lifecycle. This includes deploying an enterprise cybersecurity solution, educating staff on ransomware and other cyberattacks, keeping current with patches and anti-malware updates, running regular backups of critical systems and devices, limiting remote access to those systems to reduce risk, instituting policies that limit user-to-user sharing of personal or corporate files, and creating an escalation matrix to follow in the event of a ransomware attack.