How to Prevent, Detect and Respond to Ransomware
Ransomware is malware that encrypts the victim’s files and demands money for decryption keys. Attackers use a variety of techniques to infect systems, including malicious attachments in spam email, downloads from compromised websites or malvertisements, and exploit kits that drop the malware on vulnerable systems.
Criminals have grown more aggressive in their tactics, targeting critical infrastructure such as manufacturing and commercial facilities. They’ve also targeted healthcare, IT and other industry sectors that depend on specialized software and hardware.
Ransomware attacks continue to grow and evolve. Malicious actors are investing a significant amount of time and resources into developing newer, more nefarious strains of the malware. Additionally, attackers are leveraging ransomware marketplaces to offer their malware strains for other criminals to use.
As a result, victims are facing growing financial risks and a difficult road to recovery. Paying the ransom doesn’t guarantee that the victim’s files will be restored; in fact, paying the ransom may only lead to future attacks.
The best practice for a business responding to a ransomware attack is to isolate infected systems, disconnect them from networks and power them down if necessary. Once the systems are isolated, the business must perform a thorough root-cause analysis to determine which systems are impacted and prioritize restoration based on productivity or revenue impacts. Additionally, a trusted expert should be engaged to eradicate the threat from the environment and review logs to ensure the attacker’s backdoors have been closed.
Download the #StopRansomware Guide from CISA and MS-ISAC to learn more about how to prevent, detect and respond to this growing threat.