Optiv Cybersecurity Dictionary
What is Ransomware?
Ransomware is a type of malicious software, or malware, designed to deny access to, or "lock," files on a computer system until the victim makes a ransom payment to the attacker.
It’s often distributed as a trojan (malware disguised as a legitimate file) through phishing emails or links on an infected website. Once a system is infected, the ransom demand is typically displayed on the locked screen with directions on how to pay (often with cryptocurrency, since it’s untraceable). Unfortunately, paying the ransom doesn’t always result in restored access to files or removal of the ransomware. Some of the most damaging recent examples of ransomware include WannaCry, Petya and Locky.
Ransomware and Why It Matters
You’ve seen it all over the news: ransomware has run amok. Attacking and squeezing organizations of all sizes and types, this especially insidious malware boils down to a simple demand: hand over the cash or lose your data (and surprise, surprise: paying doesn’t necessarily guarantee you get the data back).
Between nation-state threat actors and the rise of ransomware-as-a-service (RaaS) operations, ransomware seems to be the weapon of choice for today’s cybercriminal. As it happens, experts currently estimate that a business is hit by ransomware every 11 seconds.¹
Just in case that’s not enough to lose sleep over, ransomware continues its fast-track evolution. Sneakier and more aggressive variants have already been spotted in the wild, with some of them using novel techniques like intermittent encryption to evade detection. And thanks to ransomware authors leasing their user-friendly products on the dark web, it no longer takes a skilled hacker to perform such an attack. That’s right: the market is now wide open to garden-variety criminals as well. And if paying to get your own data back wasn’t bad enough by itself, some victims must pay a second ransom to prevent these criminals from releasing their information publicly.
Ransomware Prevention Solution
Today’s world seethes with ransomware, but Optiv can help organizations effectively mitigate it through a combination of two strategies: prevention and resilience. We break down these strategies alongside ransomware’s past, present and future in our Ransomware Field Guide.
After you’re up to speed, gauge and harden your organization’s preparedness with our Ransomware Readiness Assessment.
Related Terms
Fileless attacks inject malicious code into RAM and exploit approved applications on targeted devices to achieve their objectives and thwart detection.
Phishing is a fraudulent attempt to trick individuals into divulging sensitive information (usernames, passwords and banking details) by pretending to be a trusted source, often through an email communication.
Distributed Denial of Service (DDoS) is a form of cyberattack in which multiple compromised systems work together to disrupt an online service, server or network by overwhelming the target with malicious traffic.
APTs are highly sophisticated and prolonged computer hacking processes that often target a specific entity for business or political motives.
SQLi is a type of application exploit called a code injection technique, in which an attacker adds malicious Structured Query Language (SQL) code to a web form input box to get access to resources.
Insider risk is the potential for an employee, contractor or other party with legitimate access to negatively impact an organization’s people, data or resources.
Other Sources
- 6 Ways to Defend Against a Ransomware Attack – Gartner (Nov 2020)
- Ransomware: Survive By Outrunning the Guy Next to You – Forrester (May 2021)
- IDC Survey Finds More Than One Third of Organizations Worldwide Have Experienced a Ransomware Attack or Breach – IDC (August 2021)