Protect Your Organization From Ransomware Attacks
Ransomware is malware that restricts access to files and data through encryption. Attackers often demand payment in exchange for keys to unlock the data. The amount of money demanded can vary from a few hundred dollars to a few million dollars or more. Attackers target a variety of industries including financial services, government, healthcare and manufacturing. An attack can cripple an organization that has no reliable backups in place.
Typically, attackers gain initial access through compromised web servers and phishing emails. Upon infecting a device, ransomware scans for targeted file types and encrypts them. The malware then displays a message demanding a ransom. Attackers typically accept Bitcoin because of its anonymity.
Once a company pays the ransom, the attacker will usually release a decryptor to confirm that payment was received. However, it’s not uncommon for the decryptor to corrupt the files beyond repair. Moreover, paying a ransom can encourage attackers to continue their tactics because they know the business model works. Additionally, criminals can post a list of organizations that paid ransoms on forums to attract others looking for an easy mark.
Isolating an infected device, disconnecting it from the network and locking shared drives can help limit the impact of an attack. It’s also important to understand which strain of ransomware infected your organization, how much data was encrypted and whether any decryptor tools are available. Furthermore, it’s critical to secure backups offsite or in a different logical environment.
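One way to estimate how much data was encrypted on an isolated share is to flag files whose contents look uniformly random. The triage script below is an added example, not part of the original article; the entropy threshold, the file names and the ".locked" extension are assumptions, and random bytes stand in for encrypted files in the constructed sample data.

```python
import math
import os
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off, tune per environment
SAMPLE_BYTES = 64 * 1024  # only the head of each file is read
COMPRESSED_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"\xff\xd8\xff", b"\x89PNG")

def shannon_entropy(data):
    # Bits per byte: 0.0 for constant data, 8.0 for uniformly random data.
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def looks_encrypted(path):
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    # ZIP, gzip, JPEG and PNG are high-entropy when healthy, so they are not flagged.
    return not head.startswith(COMPRESSED_MAGIC) and shannon_entropy(head) >= ENTROPY_THRESHOLD

def assess_tree(root):
    report = {"files": 0, "bytes": 0, "suspect_bytes": 0, "suspects": []}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                size, hit = os.path.getsize(path), looks_encrypted(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the triage
            report["files"] += 1
            report["bytes"] += size
            if hit:
                report["suspect_bytes"] += size
                report["suspects"].append(os.path.relpath(path, root))
    report["suspects"].sort()
    return report

def build_sample_tree(root):
    # Constructed sample data: os.urandom output stands in for encrypted files.
    samples = {"report.txt": b"Quarterly report line\n" * 2000,
               "ledger.csv.locked": os.urandom(32768), "db.bak.locked": os.urandom(65536),
               "archive.zip": b"PK\x03\x04" + os.urandom(32768)}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(assess_tree(tmp))
```

Files of only a few hundred bytes cannot reach the threshold even when encrypted, so treat the result as a lower bound and run it against a read-only copy or mount of the affected share.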