Ransomware is a collective name for a type of malicious code used by cybercriminals to lock access to data or IT systems, or to steal data. The criminals then demand payment in exchange for the key to unlock the data or systems, or for a promise not to share sensitive information.
Most commonly, ransomware encrypts all the information that the program has access to and displays a screen with payment instructions to restore access. Any digital asset can be encrypted: a user's files, entire disks, or servers over the network. The perpetrators instruct the affected organization or user to pay a ransom to gain access to a cryptographic key that can unlock the encrypted files.
Another approach is to copy data and threaten to publish it unless a ransom is paid.
There is today an organized market for ransomware where malware developers sell Ransomware-as-a-Service (RaaS) to other criminals who use it for extortion.
Ransomware attacks are today (2022) one of the fastest-growing cyber crimes and should be on every organization's risk/threat list.
How does Ransomware infect devices?
Ransomware can get into computers or phones and be activated in various ways. The most common way is to trick users into, for example, opening an infected attachment in an email or visiting a site that spreads infected code. It can also be spread via infected files shared on USB memory or over unprotected Wi-Fi networks.
Simpler variants of ransomware are activated immediately when the ransomware code has entered a computer. Slightly more advanced variants can install themselves and stay passive, to be activated later, usually after 30-90 days, which is a common period for companies to retain their backups.
More advanced variants of ransomware give cybercriminals access to IT systems, which they leverage to target systems and data and to steal data.
Some tips to reduce the risk of ransomware:
Do not click on unknown links or attachments in emails or on social media. Check with the sender if you are unsure.
Do not install unknown apps, plug-ins, etc. on your computer or mobile phone.
Install antivirus software on all devices
Keep infrastructure, software, apps, etc. up to date
Continuously back up entire systems according to 3-2-1 (three copies, two media, and one copy offline / not accessible from the network). Extend the time you retain backups.
What do I do if I get ransomware?
The most common way to restore systems and data is to restore from a complete backup. You should first identify the type of ransomware you have been affected by, in order to verify that no passive component is left in the restored backup.
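The 3-2-1 tip and the restore advice above can be checked together against a backup inventory. The following is an added example, not part of the original page: the inventory records, the function names and the 90-day default (the upper end of the 30-90 day range mentioned above) are assumptions. A copy it returns is only a restore candidate and still has to be verified as free of passive components.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class BackupCopy:
    taken: date     # when this copy of the data was made
    media: str      # storage type, e.g. "disk", "tape", "cloud"
    offline: bool   # True if the copy is not reachable from the network

def pre_infection_copies(copies, detected, dormancy_days):
    """Copies made before a dormant infection could have started, newest first."""
    cutoff = detected - timedelta(days=dormancy_days)
    return sorted((c for c in copies if c.taken < cutoff),
                  key=lambda c: c.taken, reverse=True)

def audit(copies, detected, dormancy_days=90):
    """List the gaps against 3-2-1 and against the assumed dormancy window."""
    gaps = []
    if len(copies) < 3:
        gaps.append("fewer than three copies")
    if len({c.media for c in copies}) < 2:
        gaps.append("fewer than two media")
    if not any(c.offline for c in copies):
        gaps.append("no offline copy")
    if not pre_infection_copies(copies, detected, dormancy_days):
        gaps.append("no copy older than the dormancy window")
    return gaps

# Constructed sample inventories (hypothetical data, not from a real system).
DETECTED = date(2022, 6, 30)   # day the ransomware activated
WEAK = [
    BackupCopy(date(2022, 6, 30), "disk", False),
    BackupCopy(date(2022, 6, 29), "disk", False),
    BackupCopy(date(2022, 6, 1), "disk", False),
]
BETTER = [
    BackupCopy(date(2022, 6, 29), "disk", False),
    BackupCopy(date(2022, 6, 1), "cloud", False),
    BackupCopy(date(2022, 3, 15), "tape", True),
    BackupCopy(date(2022, 1, 15), "tape", True),
]

if __name__ == "__main__":
    for name, inventory in (("WEAK", WEAK), ("BETTER", BETTER)):
        print(name, "gaps:", audit(inventory, DETECTED) or "none")
        for c in pre_infection_copies(inventory, DETECTED, 90):
            print("  restore candidate:", c.taken, c.media, "offline" if c.offline else "online")
```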
Paying the ransom is not advisable, as decryption keys often do not work, and victims who pay are more likely to be hit again (80% according to a 2022 study by Cybereason). Paying the ransom also funds the continuation and strengthening of these threat actors, enabling them to strike again and again.
Cegal and Ransomware
Cegal works actively with our customers to improve security-related routines and technical solutions, and to raise awareness of digital risks and threats. As it is a variable goal and an infinite level of measures, we also help to optimize the costs that are prioritized based on the assessed value of the information objects for the business and the assessed technical/organizational complexity.