Secure the Enterprise
Secure the
Enterprise

Our Next-Generation Firewall is the industry's defining network security platform. Stay on the cutting edge with continuous integrated security innovations that instantly find and stop attacks. Eliminate disconnected point-products with our fully automated platform that simplifies security.
Next-Generation Firewall

Threat Prevention Services

Endpoint Protection

5G / IoT

For Your Industry

Products A-Z
Secure the Cloud
Secure the
Cloud

Cloud security services that effectively predict, prevent, detect, and automatically respond to security and compliance risks without creating friction for users, developers, and administrators.
Public Cloud

AWS

GCP

Azure

SaaS

Branch & Retail

Mobile Users

For Your Industry

Products A-Z
Secure the Future
Cortex is the industry's only open and integrated AI-based continuous security platform. It delivers radical simplicity and significantly improves security outcomes through automation and unprecedented accuracy.
Cortex

Cortex Data Lake

Cortex XDR

For Your Industry

Products A-Z
More
- More
- Get Support
- Services
- Partners
- Company

EMPOWERING CYBERSECURITY PROFESSIONALS

WHAT IS RANSOMWARE?

An Old Business Model With New Tricks

2 min read

RELATED TERMS
Security Architecture
Malicious Software

Ransomware is a criminal business model that uses malicious software to hold valuable files, data or information for ransom. Victims of a ransomware attack may have their operations severely degraded or shut down entirely.

While holding something of value for ransom is not a new concept, ransomware has become a multimillion-dollar criminal business, targeting both individuals and corporations. Due to its low barrier to entry and effectiveness in generating revenue, it has quickly displaced other cybercrime business models and become the largest threat facing organizations today.

What Does a Ransomware Attack Look Like?

Attackers must execute five steps for a ransomware attack to be successful:

1. Compromise and take control of a system or device

Most ransomware attacks begin by using social engineering to trick users into opening an attachment or following a malicious link in their web browser. This allows attackers to install malware onto a system and take control.

2. Prevent access to the system

Once they have system access, attackers will either identify and encrypt certain file types or deny access to the entire system.

3. Notify the victim

Naturally, attackers and victims often speak different languages and have varying levels of technical capabilities. Attackers must alert victims to the compromise, state their ransom demand and explain the steps for regaining access.

4. Accept ransom payment

To receive payment while evading law enforcement, attackers demand cryptocurrencies, such as bitcoin, for the transaction.

5. Return full access

Attackers must return access to the device(s). Failure to restore access to compromised data or systems undermines the scheme as few would be willing to pay a ransom if they didn’t believe their valuables would be returned.

Keeping your organization safe from falling victim to a ransomware attack requires a fundamental shift – away from detection and remediation, toward prevention. This means reducing the attack surface, preventing known threats, and identifying and preventing unknown threats.

More Ransomware Articles:

EMPOWERING CYBERSECURITY PROFESSIONALS

WHAT IS RANSOMWARE?

An Old Business Model With New Tricks

2 min read

What Does a Ransomware Attack Look Like?

Popular Resources

Legal Notices

Account

EMPOWERING CYBERSECURITY PROFESSIONALS

WHAT IS RANSOMWARE?

An Old Business Model With New Tricks

2 min read

What Does a Ransomware Attack Look Like?

Want to be first to know?

Subscribe to Palo Alto Networks

Popular Resources

Legal Notices

Account