Small and Midsize Businesses Are Common Victims of Ransomware Attacks
Ransomware is malware that encrypts a victim’s files and demands payment for the decryption key. Ransomware variants can spread through phishing emails and social engineering techniques, drive-by downloads on compromised websites, or as payloads dropped by exploit kits onto vulnerable systems. Once a device or system is infected, the malicious software searches for and encrypts valuable files. After locking victims out of their data, the attackers leave a message that states the price to unlock it (usually payable in Bitcoin).
Cybercriminals often target small and midsize businesses because these organizations may not have adequate cybersecurity measures in place. Attacks against these companies can have significant financial impacts, including a loss of revenue, and could potentially destroy or damage critical data.
Many ransomware variants have evolved to include features such as data exfiltration. These features allow attackers to take data from victim organizations before encrypting it, effectively acting as an insurance policy for the attackers in case the organization has good backups, so that it will still make a ransom payment rather than risk losing all its information.
To limit the impact of an attack, you should quarantine infected machines to prevent the infection from spreading to other devices or systems. You should also create a backup of encrypted files. Powering off a computer may cause the contents of volatile memory to be lost, so you should keep it on until a solution becomes available or the recovery effort is complete. CISA offers a wide range of services to help protect your organization from these and other types of cyberattacks.
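One way to carry out the backup step above without altering the encrypted originals, as an added example that is not part of the original article: the script copies every file from an affected folder to separate storage and writes a SHA-256 manifest so the copies can be verified later. The function names, folder layout and sample files are assumptions constructed for illustration.

```python
import csv
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large encrypted files do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1024 * 1024), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preserve_files(source: Path, dest: Path) -> list:
    """Copy files under source into dest (source is only read); return manifest rows."""
    files = sorted(p for p in source.rglob("*") if p.is_file() and not p.is_symlink())
    rows = []
    dest.mkdir(parents=True, exist_ok=True)
    for src in files:
        rel = src.relative_to(source)
        target = dest / "files" / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        before = sha256_file(src)
        shutil.copy2(src, target)  # copy2 keeps the original timestamps
        if sha256_file(target) != before:  # catch a bad copy immediately
            raise IOError(f"copy of {rel} does not match the original")
        rows.append((rel.as_posix(), src.stat().st_size, before))
    with (dest / "manifest.csv").open("w", newline="") as fh:
        writer = csv.writer(fh)
        writer.writerow(["relative_path", "size_bytes", "sha256"])
        writer.writerows(rows)
    return rows


def demo() -> list:
    """Run against constructed sample files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        source, dest = Path(tmp) / "share", Path(tmp) / "backup"
        (source / "finance").mkdir(parents=True)
        # Constructed stand-ins for encrypted data and a ransom note.
        (source / "finance" / "ledger.xlsx.locked").write_bytes(b"\x8f\x02" * 512)
        (source / "README_RESTORE.txt").write_text("constructed sample note")
        return preserve_files(source, dest)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point `dest` at storage that is not reachable from the quarantined machine's network shares, and keep the manifest with the copies.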