Ransomware is a criminal business model that uses malicious software to hold something of value for ransom. Victims of a ransomware attack may have their operations severely degraded or shut down entirely.
While holding something of value for ransom is not a new concept, ransomware has become a multimillion-dollar criminal business targeting both individuals and corporations. Due to its low barriers to entry and effectiveness in generating revenue, it has quickly displaced other cybercrime business models and become the largest threat facing organizations today.
Attackers must execute five steps for a ransomware attack to be successful:
Most ransomware attacks begin by using social engineering to trick users into opening an attachment or viewing a malicious link in their web browser. This allows attackers to install malware onto a system and take control.
Attackers will either identify and encrypt certain file types or deny access to the entire system.
Though this step may seem obvious, attackers and victims often speak different languages and have varying levels of technical capability. Attackers must alert the victim to the compromise, state the ransom amount demanded, and explain the steps for regaining access.
To receive payment while evading law enforcement, attackers use cryptocurrencies such as bitcoin for the transaction.
Attackers must return access to the device(s). Failure to restore the compromised systems destroys the effectiveness of the scheme as no one would be willing to pay a ransom if they didn’t believe their valuables would be returned.
Keeping your organization safe from falling victim to a ransomware attack requires a fundamental shift from detecting and remediating toward prevention. This involves reducing the attack surface, preventing known threats, and identifying and preventing unknown threats.