What is a ransomware attack?
Ransomware is a type of malware designed by cybercriminals to hold a victim's data hostage until a ransom is paid. The perpetrators usually encrypt the data to block legitimate access and threaten to expose the sensitive content online if the ransom is withheld.
During a ransomware attack, the organization is pressured to make the ransom payment, mostly in the form of a cryptocurrency like Bitcoin, to regain access to its data. Perpetrators target both individuals and organizations.
Types of ransomware
Though ransomware has evolved a lot, most ransomware attacks fall into one of the two categories below.
Lock screen ransomware
This type of ransomware freezes the user's computer screen, blocks most basic functions, and demands a payment to unlock the screen. This ransomware is mostly used to target individuals and does not go after their critical data. It is deployed at the OS level and makes the device inoperable.
Crypto-ransomware infects and encrypts an organization's business-critical data and turns it into unreadable gibberish. Though all basic device functions are left uninterrupted, crypto-ransomware instigates huge panic, as data is the lifeblood of any business. As daily operations come to a standstill, the perpetrators demand that payment be made before a stipulated deadline.
Examples: CryptoWall, CryptoLocker, NotPetya, and WannaCry.
Ransomware attack examples
A few examples of ransomware are listed below:
| Ransomware variant | Type | Infection vectors |
|---|---|---|
| WannaCry | Crypto | Exploited an unpatched security vulnerability in Windows called EternalBlue |
| Locky | Crypto | A phishing scheme used to gain unauthorized access |
| BadRabbit | Crypto | Drive-by attacks where users are tricked into installing malware disguised as an Adobe Flash installer |
| Petya | Crypto | Uses a corrupted Dropbox link to corrupt the master boot record of the system's hard drive |
| REvil | Crypto | Software supply chain attack where Kaseya software is used to infiltrate the organization's network |
| Ryuk | Crypto | Download as a service is used to infect the targeted organizations |
How ransomware works
The phases below describe how a ransomware attack happens and how it spreads.
Perpetrators probe the target organization's network searching for weak spots they can exploit to deliver the ransomware.
A myriad of attack vectors, such as email phishing, malvertising campaigns, and exploit kits, are used to deliver ransomware.
The ransomware infection quickly proliferates and distributes itself, taking advantage of inherent security vulnerabilities to infect and encrypt critical data.
Ransomware cyberattack prevention best practices
Check out our eight best practices to prevent ransomware attacks.
- Patch system vulnerabilities regularly.
- Use an intrusion detection system.
- Conduct security awareness training for end users.
- Run only allow-listed and trusted applications.
- Keep your networks logically separated.
- Employ a strong email filtering solution.
- Ensure the principle of least privilege across your data stores.
- Deploy ransomware detection software.
For more in-depth instructions on how to manage ransomware attacks, check out our ransomware prevention and response checklist.