Ransomware and Ransomware Incident Response
Ransomware is malware that encrypts files on an organization’s computer systems. Typically, the attackers then display a screen that demands payment of a ransom in cryptocurrency to unlock the files. Paying may or may not restore access; multiple sources report varying degrees of decryption after a ransom is paid (CISA 2022a).
In addition to immediate financial losses, ransomware attacks can damage critical operations and have long-term side effects on a company’s reputation and brand. For example, when Colonial Pipeline’s IT systems were infected with ransomware, the resulting shutdown caused gas shortages across the Southeast and disrupted citizens’ daily lives. The attack was carried out by DarkSide threat actors, who gained access through compromised credentials for a legacy VPN account.
Criminals continue to invest time and money into developing new forms of ransomware and into targeting more, and larger, organizations. They use a variety of tactics to reach and infect victims, including phishing campaigns with malware attachments, spear-phishing emails, compromised websites, and exploitation of vulnerabilities in legacy software (e.g., EternalBlue and EternalRomance).
Organizations should be prepared to respond to ransomware incidents by implementing an incident response plan based on the NIST Cybersecurity Framework. Such a plan should include procedures for isolating the infected parts of a system, powering down components to prevent further spread, and contacting law enforcement. It should also incorporate security best practices, including securing backup data (so that backups cannot themselves be encrypted) and installing comprehensive cybersecurity software. Finally, organizations should train employees through ongoing, mandatory cybersecurity awareness sessions.