How to Protect Your Enterprise From Ransomware
Ransomware is malware that encrypts data files and holds them hostage until a ransom payment is made. It’s one of the most profitable cybercriminal activities, and its popularity has encouraged criminals to invest time and money into developing new strains.
It can be delivered as attachments in spam emails, downloaded from malicious pages through malvertisements, or dropped by exploit kits onto vulnerable systems. Once a device is infected, the ransomware can spread to other devices on the network through file-sharing and remote access tools.
Isolate the infected device. A single ransomware attack is a moderate inconvenience; a large-scale outbreak, however, could have devastating implications for an enterprise. These include the potential loss of critical information, revenue and reputation. As a result, it’s important to isolate the infected device as quickly as possible by disconnecting it from the network, the internet and any shared drives. This will also help prevent the spread of the malware to other devices on your network.
Report the incident to law enforcement. Ransomware is illegal and should be reported to the appropriate authorities as soon as possible. By working with law enforcement, enterprises can leverage their resources and expertise to find and arrest the perpetrators of this crime.
Ensure that backups are secure and can be restored. In a world where ransomware is constantly evolving, backups must be separated from the centralized network and secured to protect against malware attacks. This may include ensuring that backup files are not directly accessible from the storage systems, as some ransomware variants have been known to look for and encrypt or delete those files in order to gain access to the original files they’ve encrypted.
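One way to check that a backup can actually be read back and still matches the data it was taken from, as an added example that is not part of the original article. The function names, file names and sample data are hypothetical; the sketch assumes backups are tar archives and that the hash manifest is stored somewhere the backed-up systems cannot write to.

```python
import hashlib
import os
import tarfile
import tempfile
from pathlib import Path

def build_manifest(src_dir):
    """Map each file's relative path to its SHA-256; keep the result off the backup target."""
    src = Path(src_dir)
    return {p.relative_to(src).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(src.rglob("*")) if p.is_file()}

def make_archive(src_dir, archive_path):
    with tarfile.open(archive_path, "w:gz") as tar:
        for p in sorted(Path(src_dir).rglob("*")):
            if p.is_file():
                tar.add(p, arcname=p.relative_to(src_dir).as_posix())

def verify_backup(archive_path, manifest):
    """Read every file back out of the archive and compare it with the manifest."""
    seen = {}
    with tarfile.open(archive_path) as tar:
        for member in tar:
            if member.isfile():
                digest = hashlib.sha256()
                with tar.extractfile(member) as fh:
                    for chunk in iter(lambda: fh.read(65536), b""):
                        digest.update(chunk)
                seen[member.name] = digest.hexdigest()
    return {
        "missing": sorted(set(manifest) - set(seen)),
        "modified": sorted(n for n in manifest if n in seen and seen[n] != manifest[n]),
        "unexpected": sorted(set(seen) - set(manifest)),
    }

def demo():
    """Constructed sample: a clean backup, then one taken after files were altered."""
    with tempfile.TemporaryDirectory() as tmp:
        data = Path(tmp, "data")
        (data / "hr").mkdir(parents=True)
        (data / "ledger.csv").write_text("id,amount\n1,100\n")
        (data / "hr" / "staff.txt").write_text("constructed sample record\n")
        manifest = build_manifest(data)
        make_archive(data, Path(tmp, "good.tar.gz"))
        # Stand-in for encrypted data: contents replaced with random bytes, one file renamed
        (data / "ledger.csv").write_bytes(os.urandom(64))
        (data / "hr" / "staff.txt").rename(data / "hr" / "staff.txt.locked")
        make_archive(data, Path(tmp, "bad.tar.gz"))
        return verify_backup(Path(tmp, "good.tar.gz"), manifest), verify_backup(Path(tmp, "bad.tar.gz"), manifest)
```

Calling demo() returns one report for the clean archive and one for the archive taken after the files changed; any non-empty list in a report means that backup should not be relied on for recovery.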