Ransomware is a collective name for a type of malicious code used by Cybercriminals to lock access to data or IT systems, or steal data. Criminals then require payment for sharing the key to unlock data or systems or promising not to share sensitive information.
Most commonly, the ransomware malware encrypts all the information that the program has accessed, and displays a screen with payment instructions to restore access. Any digital asset can be encrypted; a user's files, entire disks, or servers over the network. The perpetrators instruct the affected organization or user to pay a ransom to gain access to a cryptographic key that can unlock the encrypted files.
Another approach is to copy data and threaten to publish it unless a ransom is paid.
There is today an organized market for ransomware where malware developers sell Ransomware-as-a-Service (RaaS) to other criminals who use it for extortion.
Ransomeware attacks are today (2022) one of the fastest growing cyber crimes and should be on all organizations' risk/threat list.
How does Ransomware infect devices?
Ransomware can get into computers or phones and be activated in various ways. The most common way is to trick users into e.g. opening an infected attachment in an email or visiting a site that spreads infected code. It can also be spread via infected files shared on USB memory or unprotected wi-fi networks.
Simpler variants of ransomware are activated immediately when the ransomware code has entered a computer. The slightly more advanced variants can install themselves and be passive to be activated later, usually after 30-90 days, which is a common time period for companies to save their backups.
More advanced variants of ransomware enable Cyber criminalsยด access to IT systems, which they leverage to target systems and data, and steal data.
Some tips to reduce the risk of ransomware:
What do I do If I get ransomware?
The most common way to restore systems and data is to re-read a complete backup. You should have verified the type of ransomware you have been affected by in order to verify that there is no passive component left in the recharged backup.
Paying the ransom is not advisable, as decryption keys often do not work, and victims who pay are more likely to be hit again (80% according to a 2022 study by Cybereason). Also, paying ransom funds the continuation and strengthening of these threat actors, enabling them to strike again and again.
Cegal works actively with our customers to improve security-related routines, and technical solutions and to raise awareness of digital risks and threats. As it is a variable goal and an infinite level of measures, we also help to optimize the costs that are prioritized based on the assessed value of the information objects for the business and the assessed technical/organizational complexity.
Read about Cegal Public cloud infrastructure and Cyber security >