Ransomware is a type of malware programming that infects, locks or takes control of a system. The attacker then requests a financial payment to undo the malicious action.
Ransomware attackers typically encrypt files and demand digital currency in exchange for the correct decryption key. The attacker may threaten to leak exfiltrated data to the public or post it for sale on the dark web if the ransom is not paid.
Ransomware is distributed through malicious email attachments, infected downloads and compromised websites. The attacker will typically demand payment in a specific cryptocurrency, such as Bitcoin, to avoid detection through conventional follow-the-money tracing methods used by law enforcement.
Ransomware may also be referred to as a crypto-virus, crypto-Trojan or crypto-worm.
Ransomware
Ransomware attacks can severely impact businesses and leave hospitals and municipalities without the data they need to operate and deliver mission-critical services. According to the FBI, ransomware incidents continue to rise in 2021, but their financial impact is still dwarfed by cyberattacks that focus on business email compromise (BEC) and email account attacks.
Ransomware as a Service
A ransomware variant from the DarkSide cybercrime group is one of more than 100 ransomware variants that the FBI is currently investigating. DarkSide has been in the news for offering ransomware as a service (RaaS) partnerships to non-technical criminal affiliates who are willing to share a percentage of the paid ransom with the developers.
Ransomware Prevention
To prevent the negative consequences of a ransomware attack, the Cybersecurity and Infrastructure Security Agency (CISA) recommends the following best practices:
Maintain offline, encrypted backups of data and continually test recovery point objectives.
Regularly patch and update all software and firmware.
Conduct vulnerability scans on a regular basis to limit potential attack surfaces.
Ensure computing devices are configured properly and that security features are enabled.
Follow best practices for remote desktop and print services.
Take advantage of intrusion detection system (IDS) that can detect command and control (C&C) signals and other malicious network activity that often occurs prior to an attack.
Proactively create an incident response plan that includes notification procedures.
