The key to stopping malware and ransomware is not to focus on preventing it from infecting systems but to block its ability to communicate with the botnet controller. Our answer is to do just that with a range of sophisticated tools. In the case of the initial infection (via email, website or thumb drive), our tools could block the DNS request before the browser connects to the malicious site, whether the user clicked on a link or was redirected from a compromised site. If an exploit or phishing domain is identified as malicious, the connection is blocked before the compromise occurs.
What is Malware?
Malware or malicious computer code has been around in some form or other for over 40 years, but the use of malware or ransomware to take control of a group of computers that are then organized into something called a botnet is more a twenty-first century phenomenon.
Botnets have been responsible for some of the most costly security incidents experienced during the last 10 years, so a lot of effort goes into defeating botnet malware and, when possible, shutting botnets down. Botnets are used by malicious actors for various purposes, ranging from information theft to sending spam. As with everything else, the more resources you have, the faster you get results. Various types of people operate botnets.
Criminal gangs use them to steal banking credentials and commit fraud; pranksters use them to spy on webcams and extort their victims. Botnets are also used in what is now known as ransomware, where malware is installed covertly on a victim's computer, executes a cryptovirology attack that adversely affects it, and demands a ransom payment to decrypt the data or to not publish it.
To explain how malware and ransomware work, we first need to explain what a botnet is and how it infects workstations and servers.
The word botnet is made up of two words: bot and net. Bot is short for robot, a name we sometimes give to a computer that is infected by malicious software.
Net comes from network, a group of systems that are linked together.
People who write and operate malware cannot manually log onto every computer they have infected; instead they use botnets to manage a large number of infected systems automatically. A botnet is a network of infected computers, and that network is what the malware and ransomware use to spread.
For the botnet to work, infected systems must communicate with their botnet controller via one of many domain names generated every day. If none of the domains can be resolved to the controller’s IP address, the malware stays dormant.
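As an added illustration of the DNS blocking and detection logic described above (example code, not this page's product or its tools), the following Python scores resolver query log lines: confirmed controller domains are blocked, long high-entropy names that look algorithmically generated are flagged as suspect, and a client that issues a burst of such lookups is reported. The log lines, the blocklist entry and the length and entropy thresholds are constructed assumptions.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed resolver query log (sample data, not from the page).
SAMPLE_LOG = """\
2024-01-01T10:00:01 client 10.0.0.12 query A www.example.com
2024-01-01T10:00:02 client 10.0.0.12 query A mail.example.org
2024-01-01T10:00:03 client 10.0.0.33 query A xk3qz9vplt7hw2nf.info
2024-01-01T10:00:04 client 10.0.0.33 query A b8r2tqyx1lpkcv5m.net
2024-01-01T10:00:05 client 10.0.0.33 query A hq7wn4zdsj9ke2lp.com
2024-01-01T10:00:06 client 10.0.0.12 query A cdn.example.com
"""
# Hypothetical feed of confirmed controller domains (a real resolver would load
# this from a threat-intelligence feed or an RPZ zone).
BLOCKLIST = {"known-bad.example"}
LOG_RE = re.compile(r"client (\S+) query \w+ (\S+)$")

def shannon_entropy(text):
    """Bits per character; random-looking generated labels approach log2(len(text))."""
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def looks_generated(domain, min_len=12, min_entropy=3.5):
    """Crude heuristic for generated names (real products use trained models)."""
    labels = domain.lower().rstrip(".").split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    return len(sld) >= min_len and shannon_entropy(sld) >= min_entropy

def classify(domain):
    """'block' for a listed domain or its subdomains, 'suspect' for a generated-looking name, else 'allow'."""
    labels = domain.lower().rstrip(".").split(".")
    if any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels))):
        return "block"
    return "suspect" if looks_generated(domain) else "allow"

def scan_log(text):
    """Parse query log lines into (client, domain, verdict) tuples."""
    found = (LOG_RE.search(line) for line in text.splitlines())
    return [(m[1], m[2], classify(m[2])) for m in found if m]

def infected_clients(events, threshold=3):
    """Clients with at least `threshold` non-allowed lookups: a burst of
    generated names that never resolve is the dormant-malware pattern."""
    per_client = defaultdict(int)
    for client, _domain, verdict in events:
        if verdict != "allow":
            per_client[client] += 1
    return {c for c, n in per_client.items() if n >= threshold}
```

Running `infected_clients(scan_log(SAMPLE_LOG))` on the constructed log reports only the client that made three generated-looking lookups in a row.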