BotNet News

Your source for Online Security News


Ransomware is an ever-evolving cyber threat that encrypts files, rendering them unusable, and demands payment to unlock them. It has become a common attack against State, Local, Tribal and Territorial (SLTT) government entities, critical infrastructure, and businesses. Ransomware attacks are facilitated through phishing emails, social engineering techniques, and the exploitation of vulnerabilities in a network.

When a device or system is infected by ransomware, the attackers display a message on a screen requesting a fee to unlock the affected data. This fee can be a few hundred dollars or more depending on the variant. Attackers may increase the ransom if the victim does not pay immediately. Additionally, some attacks use double extortion, stealing sensitive data from a business and encrypting it, then threatening to sell or release the stolen data if the ransom is not paid.

Once a ransom has been paid, the attackers often provide a decryption key. However, it is not uncommon for the encryption process to have corrupted some or all files beyond repair, so that they stay unusable even after a decryption key has been received. Moreover, the criminals behind ransomware are not in the file recovery business; they are in the money-making business.

When an attack occurs, it is important to isolate the infected device from the network and Internet as quickly as possible. This will prevent the ransomware from spreading to additional devices or encrypting data stored on network shares. Additionally, if backup files are available and have not been affected by the ransomware, they should be used to restore systems and data rather than paying the ransom.
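One way to check that backup files "have not been affected" before restoring from them, as an added example that is not part of the original article: compare the backup tree to SHA-256 hashes recorded before the incident and flag changed files whose content looks encrypted. The manifest format, the function names, the 7.5 bits-per-byte threshold and the sample file names are all assumptions made for illustration.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5  # bits per byte; assumed cut-off (compressed archives also score high)

def entropy(data):  # Shannon entropy of a byte string, in bits per byte
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def check_backup(root, manifest):
    """Compare a backup tree to {relative path: sha256} recorded before the incident."""
    status = {}
    for rel, expected in manifest.items():
        path = Path(root, rel)
        if not path.is_file():
            status[rel] = "missing"
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() == expected:
            status[rel] = "ok"
        elif entropy(data[:65536]) > ENTROPY_LIMIT:
            status[rel] = "changed, high entropy"  # consistent with encrypted content
        else:
            status[rel] = "changed"
    for path in Path(root).rglob("*"):  # files the manifest never listed
        if path.is_file():
            status.setdefault(path.relative_to(root).as_posix(), "unexpected")
    return status

def demo():
    """Constructed sample: a four-file backup, then simulated damage to it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {"report.txt": b"Q3 summary\n", "ledger.csv": b"id,amount\n1,10\n",
                 "notes.txt": b"call vendor\n", "plan.txt": b"phase one\n"}
        for name, body in files.items():
            (root / name).write_bytes(body)
        manifest = {n: hashlib.sha256(b).hexdigest() for n, b in files.items()}
        (root / "ledger.csv").write_bytes(bytes(range(256)) * 16)  # stand-in for ciphertext
        (root / "plan.txt").write_bytes(b"phase two\n")            # ordinary low-entropy edit
        (root / "notes.txt").unlink()
        (root / "HOW_TO_RESTORE.txt").write_bytes(b"constructed ransom note\n")
        return check_backup(root, manifest)

if __name__ == "__main__":
    print(demo())
```

Only files reported as `ok` match their pre-incident state. The manifest itself has to be stored where an infected device could not have rewritten it.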