What is Ransomware?
Ransomware is malware that encrypts files and data so you can’t access them. Once it’s in place, the attacker will display a message that demands a payment to regain access to your files or data. Often, the attacker will request payment via cryptocurrency.
Ransomware attacks start with a vulnerability that threat actors can exploit to gain unauthorized access to systems. According to CISA’s 2022 Unit 42 Incident Response Report, 48% of ransomware attacks begin with the exploitation of software vulnerabilities.
Once a system is infected, ransomware can spread laterally within the network and attempt to gain full access to systems and domains. When no micro-segmentation or network protection is in place, this can happen very quickly.
Home users are a top target for ransomware because they tend to have fewer cybersecurity tools in place, click on almost anything, and fail to keep their software updated (even though cyber specialists nag them). Business targets include e-commerce companies, hospitals, government agencies, schools, and many others. These organizations typically operate large databases of sensitive information, which are lucrative to cybercriminals, as well as complex computer systems that are easy to penetrate.
Once attackers infiltrate a company or organization, they shift their focus to identifying and exfiltrating any valuable data they can find. They may focus on things like login credentials, customer or patient information, intellectual property, and more. Then, they may choose to publish this information publicly or use it to extort additional payments from their victim.