What is ransomware?Ransomware is a type of malware that prevents users from accessing their data or using their device. In most cases, it encrypts the files and offers a decryption key in return for a ransom.Types of ransomware:By the effect on system:Scareware makes users believe that there’s a virus on their computer and they need to purchase special software to remove it.Locker terminates operations on a PC preventing users from accessing files and programs.Mobile locker acts the same but instead of PC files blocks the mobile device.Crypto encrypts all the files. A user can access a file, but the information within it is corrupted.Leakware doesn’t harm the user’s files. Instead, it collects the information and sends it to a cybercriminal. The ultimate goal is to blackmail the user threatening the leak the data.By the target technology:On-prem: infects PCs.Ransomcloud: infects cloud productivity and collaboration systems like Google Workspace™ or Microsoft Office 365.By effect on previous file versions:No effectThe malware encrypts all the versions of a fileRansomware examples:Cerber, Locky, CryLocker, CryptoLocker, Jigsaw, Ryuk, Spider, Petya, NotPetya, GoldenEyeRead about the recent examples of ransomware.How ransomware worksOn-prem:Trick human into downloading a file> Infect > Encrypt > Demand ransomCloud:Trick human into giving access to their cloud drive > Infect > Encrypt > Demand ransomRead more about ransomware in action.Channels of ransomware spread:Emails with links or file attachments:Spam emails are sent to hundreds of people. They are usually of low quality and contain many mistakes.Spoofing is pretending to be a trustworthy sender (mostly well-known and trusted organization like Amazon, Google, or Microsoft)Spear phishing is pretending to be the authority of the recipient’s organization (e.g., a CEO).Posts on social networking websites that contain a link to malicious softwareBotnets. A computer that has previously been infected and becomes a part of a botnet can be an easy target for ransomware.Malvertising is advertising on a trusted website that redirects to a malicious website.Compromised websites. Cybercriminals look for vulnerabilities in trusted resources and inject malicious code. Alternatively, they create their own websites, often with prohibited content.Applications and programs from trusted developers can contain vulnerabilities. Hackers would look for them and exploit them to inject malicious code.Infected hardware, for example, removable media.How to remove and recover from ransomware:If you don’t have a backup follow the steps below:Isolate your device from the network and other devicesMake screenshots and copy the ransom demand noteReport the crime to authoritiesCheck if previous versions of your files are also encrypted.If no:Run the antivirus software to eliminate ransomware.Then restore files.If your file versions are also corrupted:Use online tools to determine your type of ransomwareLook for and download decryption keysIf your ransomware is new and there are no decryption keys, estimate the consequences of paying ransom vs. deleting your files and act accordingly.Take the necessary steps to prevent getting ransomware in the future.Keep in mind that these steps do not guarantee the recovery of your files unless you have backup or DLP.How to prevent a ransomware attackThere are multiple strategies to defend against this type of malware. Here are four simple measures:Educate your employees about social engineering techniquesPurchase backup toolsPurchase anti-ransomware softwareAlternatively, purchase a tool that backs up your data and eliminates ransomware at the same time. Share this article Share this post on Linkedin Share this post on X Share this post on Facebook Share this post on Reddit Was this helpful? Yes No Submit Cancel Thanks for your feedback!