BotNet News

Ransomware is malware that encrypts data until victims pay a ransom in cryptocurrency. It is a lucrative business for cybercriminals.

Originally, ransomware attacks were opportunistic and targeted individual computer users. The first ransomware attack was in 1989, with the AIDS Trojan (also known as PC Cyborg) that infected subscriber lists for an AIDS conference. This malware hides file directories on victim computers and demands USD 189 to unhide them.

Since then, cybercriminals have realized that ransomware can be more lucrative if they target businesses. The ransom demands are higher, and businesses may also have to pay for incident response, digital forensics, and legal and PR counsel that result in long-term damage to the company’s reputation.

The most notable ransomware attacks have been against critical infrastructure. For example, in 2018, the ransomware variant SamSam hit the Port of San Diego and the Colorado Department of Transportation. Hackers even used this malware to target a city’s critical municipal services, such as the police record-keeping system. The city lost an estimated $30 million.

Newer threats, such as Ryuk, REvil, and CryptoLocker are increasingly targeted at businesses. Ryuk can locate and disable backup files and Windows System Restore features, making it a difficult threat to detect and stop.

Hospitals are a top target for ransomware attacks. These attacks can disrupt operations, cause financial loss, and threaten patient safety. Hackers can use ransomware to target hospitals’ critical infrastructure, such as electronic medical records or the IT systems that support a hospital’s clinical practices and caregiving functions.