Ransomware and SMBs
Ransomware is malware that exploits security weaknesses to steal or lock data, and then demands a ransom in exchange for unlocking the information. Criminals have taken advantage of these weaknesses in businesses, governments and hospitals, with attacks causing significant disruption, cost and reputational damage. Colonial Pipeline, JBS Foods, the City of Atlanta, Ireland’s national health service and others have been high-profile victims.
Cybercriminals often target small and midsize businesses (SMBs) because they tend to have less robust cybersecurity measures in place. They also lack the resources to hire large teams of experts who could quickly respond to an attack. In addition, SMBs may have critical business systems that cannot afford any downtime due to a ransomware attack.
Attackers launch ransomware attacks through phishing, vulnerability exploitation and the compromise of remote access protocols such as RDP to gain footholds in target systems and domains. From there, they work on gaining access to other systems and domains, a process called lateral movement. Depending on the type of ransomware, attackers then focus on identifying and exfiltrating valuable data such as login credentials, customer information or intellectual property for double extortion.
Crypto ransomware encrypts files or directories on a victim’s system and then demands a ransom payment to decrypt them. Some of this malware also deletes or encrypts backups to increase the pressure to pay the demanded ransom. Non-encrypting ransomware locks the device screen or floods it with popups, making it difficult for victims to use their computer or device until they pay a ransom.
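The file-encryption behaviour described above leaves a measurable trace that defenders can alert on: many files rewritten by one process, each changing from low-entropy to near-random content. The following is an added example, not code from the original page; the event format, thresholds, process names and file contents are constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8 for encrypted data, roughly 4-5 for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def pseudo_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted content (hash output is near-uniform)."""
    blocks = (hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(size // 32 + 1))
    return b"".join(blocks)[:size]

def suspicious_writers(events, high=7.5, jump=2.0, min_files=3):
    """Processes that rewrote at least min_files distinct files so that entropy
    rose by at least `jump` bits/byte and ended above `high` (assumed thresholds)."""
    hits = defaultdict(set)
    for ev in events:
        before, after = shannon_entropy(ev["before"]), shannon_entropy(ev["after"])
        # Requiring a jump keeps already-compressed or encrypted files (archives,
        # backups) from being counted when a legitimate tool rewrites them.
        if after >= high and after - before >= jump:
            hits[ev["process"]].add(ev["path"])
    return {p: sorted(paths) for p, paths in hits.items() if len(paths) >= min_files}

# Constructed sample data: process names, paths and contents are illustrative.
TEXT = b"Invoice 1042: net 30 days, total due 1,250.00 USD. " * 80
SAMPLE_EVENTS = [
    {"process": "editor.exe", "path": "docs/notes.txt", "before": TEXT, "after": TEXT + b"edited"},
    {"process": "backup.exe", "path": "bak/full.zip",
     "before": pseudo_ciphertext("old"), "after": pseudo_ciphertext("new")},
    {"process": "unknown.exe", "path": "docs/a.docx", "before": TEXT, "after": pseudo_ciphertext("a")},
    {"process": "unknown.exe", "path": "docs/b.xlsx", "before": TEXT, "after": pseudo_ciphertext("b")},
    {"process": "unknown.exe", "path": "docs/c.pdf", "before": TEXT, "after": pseudo_ciphertext("c")},
    {"process": "vault.exe", "path": "hr/payroll.csv", "before": TEXT, "after": pseudo_ciphertext("v")},
]

if __name__ == "__main__":
    for proc, paths in suspicious_writers(SAMPLE_EVENTS).items():
        print(f"ALERT {proc}: {len(paths)} files rewritten as high-entropy data: {paths}")
```

The `min_files` count keeps a single legitimately encrypted file from raising an alert, while the entropy jump separates fresh encryption from routine rewrites of archives and backups.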