Ransomware

Ransomware:

Ransomware is a type of malware that makes data inaccessible. When ransomware infects a device, it will either lock your screen or encrypt all your files. It may be contained to a single device but can also make the data of an entire organization inaccessible. Once the files are inaccessible the threat actor will send you a message indicating the ransom that must be paid in order to regain access to your files. This payment is typically requested in cryptocurrency as it is harder to track. The threat actor may also threaten to leak private information or threaten your clients directly if you do not pay right away.

How to protect yourself

A cyber criminal must be able to gain access to your system prior to initiating a ransomware attack. Follow these best practices to keep cyber criminals out of your systems and devices.

It is important to back up your data regularly. You can back up your data on an external hard drive or on the cloud. If your data is encrypted by a ransomware attack, you can recover your data by using your backup.

What to do if you fall victim

If you think that you may have been the victim of a ransomware attack, take these steps:

  1. Tell your organization’s cyber security team.

  2. Remove the malware from your device(s). If you are unable to do so yourself, get assistance from a cyber security professional.

  3. Restore your systems with your data backup.

  4. Change all passwords to online accounts.

Double- and triple-extortion ransomware

Traditional ransomware attacks only demand payment to decrypt the files. Recent ransomware attacks are more complex. In double-extortion ransomware attacks, the threat actors demand a ransom and threaten to leak private information. In triple-extortion ransomware attacks, the threat actor demands a ransom payment, threatens to leak private information, and sends ransom demands to the users or customers of the impacted institution.

» English Glossary