Glossary / Ransomware

Ransomware

Malicious software used to perpetually block access to a computer system or specific data until a ransom is paid or indefinitely. Attackers often use ransomware to lock systems and then threaten to publish the victim’s data.

What is Ransomware?

Ransomware is malicious software used to perpetually block access to a computer system or specific data until a ransom is paid or indefinitely. Attackers often use ransomware to lock systems and then threaten to publish the victim’s data.

The most common ransomware infections use encryption technology to lock up data until a ransom is paid. Once encrypted, all access to the file or folder becomes impossible unless the user pays the ransom.

Threats of further damage usually accompany the demand for ransom payments if the victim does not pay. Criminal activity via ransomware has become a significant threat to businesses and individuals alike. Ransomware attacks are increasing in frequency and severity. In 2017, ransomware attacks cost businesses $5 billion globally.

In addition, more than 200 million users were affected worldwide. This article will provide an overview of ransomware, how it works, and why you should be concerned about this growing problem.

How Does Ransomware Work?

Ransomware attackers utilize a type of malicious software that locks your files and demands payment to unlock them. It's usually spread via a spam email attachment or links to websites that contain malware. Once installed, ransomware encrypts your data and displays an image of a locked padlock on your desktop.

Can Ransomware delete files?

Ransomware may also delete files, block access to your computer, or make it impossible for you to use your computer.

Ransomware can be used by criminals to extort money from users. If you pay the ransom demand, the criminals may unlock your files by sending you a decryption tool. However, if you don't pay the ransom, they could keep your files locked until you pay.

What can I do if my organization has been hit with ransomware?

  • Backup your files and data before you do anything else. Malware can cause irreparable damage to your system, so get rid of it by resetting your computer back to its factory settings. You may also want to consider external backup options if you're worried about losing everything.

  • Contact law enforcement and file a police report after a ransomware attack.

  • Paying the ransom is a bad idea. You may get your data back, but you risk losing your data forever. And paying the ransom encourages other criminals to engage in similar crimes.

  • While a ransom is demanded, there's no guarantee your data will be restored if you pay it.

How to Protect your Business and Network from a Ransomware Attack

Ransomware attacks are becoming more common, with businesses being targeted by criminals who demand money in return for unlocking data. Hackers that use ransomware will hold data hostage until they receive payment, so it's essential that you take steps to prevent this from happening to your company.

Cybersecurity experts agree that you want to prevent ransomware, not react to it, and you certainly want to avoid paying the ransom at all costs. This will only encourage cyber criminals to keep targeting your business.

Always make sure you patch and update your software and systems. This is a vital step when it comes to protecting your business data better. Ransomware will take advantage of any vulnerabilities, so be sure to keep an eye on updates. Educating your staff and clients about ransomware and how to detect phishing and social engineering schemes is another critical step. This will save your business time, money, and resources in the long run and help mitigate attacks before they even happen.

Make sure your organization has a suitable Business Continuity and Disaster Recovery (BCDR) plan in place to minimize any downtime, downtime event, or disruptions associated with ransomware attacks. A BCDR solution is still the best protection against the impact of ransomware. Building a successful BCDR plan takes time, effort, and resources but will serve you well in the long run. A good plan will enable your employees to continue to work throughout any disaster, connecting to recovered business systems from any location. Your data will be recoverable as you will have taken multiple backups to ensure you can go back to any point before your data becomes compromised. Finally, you will have peace of mind knowing you can get your client's businesses back up and running with minimal downtime or impact.

Although ransomware attacks are continuing to increase, they can be avoided with adequate protection.

In summary:

  • Have solid cyber threat intelligence

  • Have daily backup files sent to a cloud or off-site location

  • Install anti-virus software

  • Patch as soon as updates are available

  • Use strong passwords

  • Be vigilant about attachments

  • Avoid Phishing Scams

  • Have security software that is proven to protect from major ransomware attacks

It’s important to keep in mind that reducing ransomware attacks starts with advanced cyber threat intelligence products and services.

Intel 471’s TITAN provides you with a global intelligence capability for human cybersecurity teams and machines. Whether scaling your cybersecurity presence or just starting to build your team, these tools and services can help you fight cyber threats.

For your IT / SOC / DevSecOps team, you can deploy Intel 471 Intelligence to gain up-to-the-moment threat coverage and analysis across Adversary, Malware, Vulnerability, and Credentials to gain better cybersecurity intelligence insights than you've ever had before.