What Is Ransomware?

Ransomware is malware that restricts or prevents a user from accessing files on their device until a ransom is paid. Ransomware works by encrypting the files on a target device, effectively blocking the user's access.

Over the past several years, ransomware has become the most widespread, expensive, and destructive form of malware. With a new ransomware attack occurring roughly every eleven seconds, it's a threat that can cripple not just organizations but also the critical infrastructure that criminals increasingly target. Recent high-profile attacks such as Colonial Pipeline are unsettling evidence of this.

The problem is only growing worse. Many criminals are now resorting to double, triple, and even quadruple extortion strategies, and the average ransomware attack cost has already topped seven figures. 

How Ransomware Works

At its most basic, ransomware is simply a digital extortion scheme. It uses encryption to lock down systems and devices to force the victim to pay a ransom. An infected device could be anything from an office PC to critical hospital infrastructure.

This means that ransomware has the very real potential to put lives at risk. 

Some ransomware does more than simply lock access. It may also be capable of exfiltrating data for distribution, sale, or further extortion attempts. Some ransomware programs are also designed for lateral movement, while others can completely wipe out infected systems. 

Recent Ransomware Attacks

The Colonial Pipeline breach is one of the most significant and troubling ransomware attacks in recent memory, but 2022 has had its fair share of devastating incidents as well.

  • Echoing the cyberattack against Baltimore in 2019, Bernalillo County saw the entirety of its government services brought to a screeching halt by ransomware in early January.
  • Beginning in early April, ransomware group Conti targeted the Costa Rican government with ransomware, completely disrupting the Ministry of Finance and causing the country to declare a national emergency. A second attack a month later targeted the Costa Rican social security fund. In February, another victim of Conti, KP Snacks, had to deal with a crumbling supply chain after its order management system was locked down by ransomware.
  • In late January, the LockBit ransomware group claimed to have hacked France’s Justice Minister, threatening to publish sensitive documents if the Ministry failed to pay a ransom.
  • In March, Toyota was forced to halt production at all Japanese plants in the wake of a ransomware attack on a major supplier.
  • Aerospace, mobile, and industrial OEM Parker Hannifin confirmed in April that it suffered a ransomware attack, courtesy of Conti. The ransomware group published 5 gigabytes of employee data, claiming it was three percent of what it exfiltrated.
  • A Michigan-based college was forced to close its campus and cancel all classes after being hit by a ransomware attack. The college restored operations quickly and issued a mandatory password reset for all students along with multi-factor authentication.
  • Ransomware group Vice Society targeted government services in Palermo, Italy in June, causing widespread outages that impacted roughly 1.3 million people.
  • In early July, a major Mississippi hospital was forced to revert to paper medical records after its EHR system was brought low by ransomware.
  • In July, one of Australia’s largest prisons had to suspend visits after a ransomware attack took control of its entire network.

Ransomware prevention doesn’t need to be difficult, costly, or complicated—instead, your organization can significantly improve its defenses with just a few steps: 

  • Employee training and education
  • Proper software lifecycle management
  • Air-gapped, redundant backups
  • The right tools from the right vendors

As a human-centric, subscription-based 24x7x365 Managed XDR service, CylanceGUARD® provides the expertise and support businesses need to prevent and protect against ransomware attacks. CylanceGUARD combines the comprehensive expertise embodied by BlackBerry Cybersecurity Services with AI-based Endpoint Protection (EPP) through CylancePROTECT®, continuous authentication and analytics through CylancePERSONA, and on-device threat detection and remediation through CylanceOPTICS®. In short, CylanceGUARD provides businesses with the people and technology needed to protect the enterprise from the modern threat landscape.