BotNet News

Your source for Online Security News

Ransomware is malware that prevents a user from accessing their device or files until a ransom is paid. Victims are notified via a lock screen or a text file placed in each encrypted directory that they must pay a specified amount of cryptocurrency in order to get their data back. Victims can expect varying degrees of success with decryption even after paying a ransom.

When it comes to ransomware, businesses are a prime target because attackers know that they’ll be more likely to pay than individuals. Cybercriminals exploit security weaknesses to extort companies, government agencies and hospitals by locking down critical data and threatening to expose the information unless a ransom is paid. The recent attacks on Colonial Pipeline and JBS Foods are just the latest examples of how cybercriminals are exploiting these weaknesses to take advantage of unsuspecting organizations.

Once a system is infected, the attackers work on gaining access to other systems and domains, a process called lateral movement. They may use remote access tools or other malware to gain entry, or the victim could be infected by a phishing attack that sends them a malicious link.

Regardless of how the attackers gain entry to the network, they focus on encrypting as many critical files as possible and then displaying a ransom message that demands a payment in order to decrypt the files. Once the victims have paid the ransom, the criminals will usually provide a key to decrypt the files or a code that will unlock the malware.
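The text file placed in each encrypted directory gives defenders something to look for. The Python sketch below is an added example, not part of the original article: it flags any small file with the same name and content that appears in several directories. The size limit, the alert threshold, the file names and the sample tree are all assumptions constructed for illustration.

```python
"""Flag a small file with identical name and content dropped into many directories."""
import hashlib
import os
import tempfile
from collections import defaultdict

MAX_NOTE_BYTES = 64 * 1024  # assumption: ransom notes are small text files
MIN_DIRECTORIES = 3         # assumption: alert threshold, tune per environment


def find_repeated_notes(root, min_dirs=MIN_DIRECTORIES):
    """Return [(name, sha256, dirs)] for files repeated in >= min_dirs directories."""
    seen = defaultdict(set)  # (lowercased name, digest) -> directories holding it
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path) or os.path.getsize(path) > MAX_NOTE_BYTES:
                    continue
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                continue  # unreadable or removed mid-scan: skip and keep going
            seen[(name.lower(), digest)].add(dirpath)
    hits = [(name, digest, sorted(dirs))
            for (name, digest), dirs in seen.items() if len(dirs) >= min_dirs]
    return sorted(hits, key=lambda hit: -len(hit[2]))


def build_sample_tree(root):
    """Constructed sample data: three shares hold the same note, one share is clean."""
    note = b"Your files are encrypted. (constructed sample text)\n"
    for share in ("finance", "hr", "engineering"):
        os.makedirs(os.path.join(root, share))
        with open(os.path.join(root, share, "READ_ME.txt"), "wb") as fh:
            fh.write(note)
        # Stand-in for an encrypted file; the ".locked" suffix is made up.
        with open(os.path.join(root, share, "report.docx.locked"), "wb") as fh:
            fh.write(os.urandom(128))
    os.makedirs(os.path.join(root, "public"))
    with open(os.path.join(root, "public", "READ_ME.txt"), "wb") as fh:
        fh.write(b"Project readme, unrelated content.\n")  # same name, other content


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for name, digest, dirs in find_repeated_notes(tmp):
            print(f"{name} sha256={digest[:12]} found in {len(dirs)} directories")
```

Legitimate files such as desktop.ini or licence texts also repeat across directories, so a real deployment needs an allowlist and should treat a hit as a lead to investigate rather than proof of ransomware.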