
What is Ransomware?

Ransomware is a criminal business model that uses malicious software to hold valuable files, data or information for ransom. Victims of a ransomware attack may have their operations severely degraded or shut down entirely.

While holding something of value for ransom is not a new concept, ransomware has become a multimillion-dollar criminal business, targeting both individuals and corporations. Due to its low barrier to entry and effectiveness in generating revenue, it has quickly displaced other cybercrime business models and become the largest threat facing organizations today.

 

What Does a Ransomware Attack Look Like?

Attackers must execute five steps for a ransomware attack to be successful:

1. Compromise and take control of a system or device

Most ransomware attacks begin by using social engineering to trick users into opening an attachment or following a malicious link in their web browser. This allows attackers to install malware onto a system and take control.

2. Prevent access to the system

Once they have system access, attackers will either identify and encrypt certain file types or deny access to the entire system.

3. Notify the victim

Attackers and victims often speak different languages and have varying levels of technical capability, yet attackers must still alert victims to the compromise, state their ransom demand and explain the steps for regaining access.

4. Accept ransom payment

To receive payment while evading law enforcement, attackers demand cryptocurrencies, such as bitcoin, for the transaction.

5. Return full access

Attackers must return access to the device(s). Failure to restore access to compromised data or systems undermines the scheme, as few would be willing to pay a ransom if they didn't believe their valuables would be returned.

Keeping your organization from falling victim to a ransomware attack requires a fundamental shift away from detection and remediation and toward prevention. This means reducing the attack surface, preventing known threats, and identifying and preventing unknown threats.

 

 

© 2021 Palo Alto Networks, Inc. All rights reserved.