What is Ransomware and How Does it Affect Your Business?
Ransomware is malware that encrypts files on victim systems and then displays a message demanding payment in exchange for the decryption keys. Typically, attackers demand a sum of cryptocurrency (bitcoin or another currency) to unlock the encrypted files. Many variants also delete backups and shadow copies of files to make recovery without a decryption key more difficult.
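The deletion of backups and shadow copies described above is something defenders can watch for in process-creation logs. The Python code below is an added example, not part of the original article: it scans constructed log lines for Windows commands commonly used to remove shadow copies and backup catalogs. The log format, rule names and sample events are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Rule names are illustrative. Each pattern matches a built-in Windows command
# that removes shadow copies or backups, or disables boot-time recovery.
RULES = {
    "vssadmin_delete_shadows": re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "wmic_shadowcopy_delete": re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "wbadmin_delete_backup": re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|systemstatebackup|backup)\b", re.I),
    "bcdedit_disable_recovery": re.compile(r"\bbcdedit(\.exe)?\b.*\brecoveryenabled\s+no\b", re.I),
}

# Constructed sample events (assumed format): time|host|user|parent image|command line
SAMPLE_EVENTS = r"""
2024-03-04T09:12:01Z|FS-01|svc_backup|C:\Windows\System32\svchost.exe|wbadmin start backup -backupTarget:E: -quiet
2024-03-04T09:40:17Z|WS-17|jdoe|C:\Windows\System32\cmd.exe|vssadmin list shadows
2024-03-04T11:02:44Z|WS-23|mlee|C:\Users\mlee\AppData\Local\Temp\upd.exe|C:\Windows\System32\vssadmin.exe Delete Shadows /All /Quiet
2024-03-04T11:02:45Z|WS-23|mlee|C:\Users\mlee\AppData\Local\Temp\upd.exe|bcdedit /set {default} recoveryenabled No
2024-03-04T11:02:46Z|WS-23|mlee|C:\Users\mlee\AppData\Local\Temp\upd.exe|wbadmin delete catalog -quiet
2024-03-04T13:30:00Z|FS-01|admin|C:\Windows\System32\cmd.exe|wmic shadowcopy delete
""".strip().splitlines()


def scan(lines):
    """Return one alert per event whose command line matches a rule."""
    alerts = []
    for line in lines:
        parts = line.split("|", 4)  # command line is last, so it may contain "|"
        if len(parts) != 5:
            continue  # skip malformed records
        ts, host, user, parent, cmdline = parts
        for name, pattern in RULES.items():
            if pattern.search(cmdline):
                alerts.append({"time": ts, "host": host, "user": user,
                               "parent": parent, "rule": name})
    return alerts


def triage(alerts):
    """Several distinct recovery-inhibiting commands on one host outrank a single hit."""
    rules_by_host = defaultdict(set)
    for alert in alerts:
        rules_by_host[alert["host"]].add(alert["rule"])
    return {host: ("high" if len(rules) >= 2 else "review")
            for host, rules in rules_by_host.items()}


if __name__ == "__main__":
    found = scan(SAMPLE_EVENTS)
    for alert in found:
        print(alert)
    print(triage(found))
```

Listing shadow copies or starting a backup does not match; only the deleting and recovery-disabling forms do, and a single hit from an administrator is left for review rather than escalated.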
Once the encryption is complete, ransomware will usually display a message to your business that demands a payment in exchange for the decryption key. The ransom can range from a few hundred dollars to millions, and some variants even post the names of organizations that have refused to pay, increasing the pressure to pay.
Many people and businesses have paid ransoms, but the decryption keys they receive don’t always work as advertised. This is because criminals aren’t in the file recovery business; they are in the money-making business.
Ransomware is becoming more dangerous as cybercriminals evolve their modus operandi. They now target specific technologies and critical infrastructure components that are interconnected. In 2021, DarkSide ransomware was used to attack the Colonial Pipeline system in the United States and bring service to a halt. This demonstrated that cyber attackers don’t need to compromise operational technology (OT) systems directly to disrupt services, and it further highlighted the importance of regular updates, patching known vulnerabilities, and conducting risk assessments.