BotNet News

Ransomware is a type of malware that encrypts data and demands money in order to unlock it. Once paid, attackers often provide victims with a decryptor key to recover their files. The amount demanded varies between victims, ranging from a few hundred dollars to millions of dollars. It’s common for attackers to require a payment via a difficult-to-trace digital currency, and for the ransom amount to increase over time. Additionally, some versions of ransomware delete volume shadow copies to prevent recovery after the attack is complete.

Attacks are primarily targeting small and midsize businesses (SMBs) due to their lax cybersecurity, but any organization with valuable data can become a victim. SMBs often work from home or on the go, which blurs their personal and professional digital environments, making them an attractive target for bad actors. Attackers also target sectors that are particularly sensitive and expensive to shut down, such as health care and manufacturing.

Criminals have a strong incentive to develop newer, more powerful ransomware because the monetary gains can be tremendous. It’s not uncommon for organizations who pay a ransom to be hit with a second attack, and they are likely to be targeted by the same threat actor.

To stop this epidemic, organizations must be proactive in identifying and stopping ransomware infections at their source. In addition, they must implement an incident response plan specific to data extortion and ransomware attacks, which can serve as an addendum to their existing cyber incident response plans.