What Is Ransomware?
Ransomware is malware that restricts or prevents a user from accessing files on their device until a ransom is paid. Ransomware works by encrypting the files on a target device, effectively blocking the user's access.
Over the past several years, ransomware has become the most widespread, expensive, and destructive form of malware. With criminals increasingly targeting critical infrastructure and a new ransomware attack occurring roughly every eleven seconds, it’s a threat that can cripple not just organizations but also critical infrastructure. Recent high-profile attacks such as Colonial Pipeline represent unsettling attestations to this.
The problem is only growing worse. Many criminals are now resorting to double, triple, and even quadruple extortion strategies, and the average ransomware attack cost has already topped seven figures.
How Ransomware Works
At its most basic, ransomware is simply a digital extortion scheme. It uses encryption to lock down systems and devices to force the victim to pay a ransom. An infected device could be anything from an office PC to critical hospital infrastructure.
This means that ransomware has the very real potential to put lives at risk.
Some ransomware does more than simply lock access. It may also be capable of exfiltrating data for distribution, sale, or further extortion attempts. Some ransomware programs are also designed for lateral movement, while others can completely wipe out infected systems.
Recent Ransomware Attack
Ransomware prevention doesn’t need to be difficult, costly, or complicated—instead, your organization can significantly improve its defenses with just a few steps:
- Employee training and education
- Proper software lifecycle management
- Air-gapped, redundant backups
- The right tools from the right vendors