What is Ransomware?
Ransomware is a type of malware that encrypts files or devices on a network and demands payment in order to unlock them. These payments are usually requested in cryptocurrency, primarily Bitcoin. Taking payment this way allows attackers to remain anonymous and obscure their tracks. Many attacks also use servers behind Tor, an anonymity network, to further conceal the attackers' identities.
The most popular form of ransomware encrypts the files on a device or system and then displays a message asking the victim to pay a ransom in exchange for decryption keys. Attackers often increase the amount demanded after a deadline passes or when the victim refuses to pay, a tactic known as double extortion.
Attackers continue to find ways around traditional cybersecurity controls like firewalls and anti-virus. The COVID-19 pandemic accelerated the shift to remote work, blurring personal and professional digital environments for employees and making them more susceptible to ransomware attacks. Additionally, the rise of cryptocurrencies and the continued reliance on legacy systems fuel ransomware’s prevalence.
Whether it targets an individual, business, or government entity, ransomware can have devastating consequences. Attacks can disrupt services and operations, resulting in delays, increased costs for goods and services, decreased efficiency, and financial loss for the victim. Attacks can also be used as cover for more harmful cyberattacks. These may include the theft of data for identity fraud, distributing malicious documents and software, or leveraging the attack to access networks in order to conduct cryptomining.