BotNet News

Your source for Online Security News

Ransomware is malware that encrypts data and systems and demands payment in exchange for the keys to unlock them. Criminals use phishing, vulnerability exploitation and other techniques to gain initial access to the victim network. Once they have a foothold, they deploy a variety of tools to understand the local system and domain, elevate their access privileges and spread to other machines (“lateral movement”). They then target valuable information and exfiltrate it to their command-and-control (C&C) servers or other locations.

Once the attack is in progress, attackers display a message to victims with the demand for money in exchange for the decryption key. The amount can range from a few hundred dollars to several million, with the threat of double extortion driving up the price as time passes and victim organizations are unable or unwilling to pay.

In addition to the cost of paying a ransom, the loss of encrypted data and systems can lead to significant business disruption, reputational damage, financial exposure and legal and compliance risk. It can also be expensive to reformat infected machines, reinstall software and restore the data that was lost, and add protection to prevent the incident from happening again.

The problem of ransomware is a global one, with many different threat actors and attack vectors in play. However, some countries actively resist a stronger framework for responsible state behaviour, such as that in the UN Ad Hoc Committee and within the Open-ended Working Group on Cybercrime (OEWG). They often provide safe harbours to ransomware criminal groups, and allow their territory to be used for internationally wrongful acts using ICTs.