A ransomware attack on a company's network might result in the loss of confidential information (even encrypted data), and could cost anywhere between thousands to millions of dollars. Learn more what is ransomware attack and how to prevent such attacks.

Ransomware.svg

In 2021, the FBI’s Internet Crime Complaint Center received 3,729 ransomware reports. But this number isn’t set in stone– with the expansion of remote work in the wake of the global epidemic, firms such as Cybersecurity Ventures are predicting that by 2031, ransomware attacks on enterprises will occur every other second. In comparison, there was an attack every 11 seconds in 2021.

An attack on a company's network might result in the loss of confidential information (even encrypted data), and could cost anywhere between thousands to millions of dollars. Cybersecurity Ventures also estimates that by 2031, the impact of ransomware will cost businesses around $265 billion.

All sectors from IT to finance and supply chains to higher education are vulnerable to ransomware attacks. Probably most fascinating however, is the increase in attacks against government institutions, and smaller, privately held firms across all industries.

What is Ransomware?

Ransomware is a sort of malware that encrypts a user's data (or operating system) and promises to decrypt it upon payment of a ransom. The target device (which could be any electronic device connected to the internet), is infected by exploiting flaws in the user, the system, the internet, or the software.

The Five Steps of a Ransomware Attack

  1. Infection: This is when ransomware installs itself on a single endpoint or network device to gain access to a network. This installation can occur in any way, but most common include phishing emails, and infected removable devices (such as flash drives).
  2. Key Generation: Once it has been installed, the ransomware communicates with the attacker's cloud key server, to securely send the hackers the cryptographic keys needed to lock the system.
  3. File encryption: The ransomware begins encrypting all files it can access, both locally and remotely.
  4. Payment Extortion: After the ransomware has gained complete access to your files, it provides the next steps (including ransom amount, details of the exchange, and consequences of not paying).
  5. Unlocking: To unlock their files, victims could try to restore their systems from a clean backup, or pay the ransom (which will be at the victim’s risk since there's no guarantee that they will receive the decryption key even if the ransom is paid).

Types of Ransomware Attacks

Scareware: A pop-up window may appear, stating the discovery of malicious software on your computer and that the means to remedy it is to pay a fee. (Keep in mind that a reputable brand of antivirus software wouldn't follow this approach with potential or existing users.) Inaction would likely result in a continuation of the annoying pop-ups, and potential loss of data. Scareware could pave the way for Encryptors and Locking Ransomware.