Ransomware – What is Ransomware and How Does it Affect Your Business?
Ransomware is malware that encrypts data and demands payment in order to decrypt it. It can be delivered via phishing emails, downloaded from malicious sites, or attached to legitimate files. Once it has a foothold on the device or network, it looks for the files on its target list and encrypts them. A ransom note then appears on the screen describing how to pay for a decryption key.
Attacks on critical infrastructure and private sector organizations are growing. This is likely because attackers are recognizing the outsized payday they can receive for their attacks. Also, the COVID-19 pandemic accelerated employees’ shift to working remotely, which combines personal and professional digital environments, giving bad actors access to many more vulnerabilities.
As the ransomware business matured, gangs of cybercriminals formed, leveraging resources and improving their malware to stay ahead of anti-malware scanners and to increase its impact. Ransomware is a relatively simple operation for criminals, as it only requires nine steps: discovering a vulnerability; creating malware capable of exploiting the vulnerability; gaining access to victim systems; conducting reconnaissance until the attacker recognizes data considered valuable; exfiltrating those files; and then selling them on illicit marketplaces.
Continuous data backups help protect against ransomware attacks, and they enable organizations to recover without paying the ransom. If an organization does get hit by ransomware, it should report the incident to law enforcement. There are several reasons for this, including that the organization can benefit from law enforcement's relationships with international law enforcement agencies, which may help identify the attacker(s) and bring them to justice.