What is Ransomware?
Ransomware is malicious software designed to block access to a computer system or data until a ransom is paid.
Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Paying the ransom does not guarantee the encrypted files will be released; it only guarantees that the malicious actors receive the victim’s money.
Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.
Crypto ransomware, a malware variant that encrypts files, is spread through similar methods and may be spread through social media. Additionally, newer methods of ransomware infection have been observed, like vulnerable web servers being exploited as an entry point to gain access to an organization’s network.
Protecting Against Ransomware
1. Back Up Your Data
Once a ransomware infection occurs, it may be too late to recover the encrypted information. Regular backups can help protect you.
Learn about backing up your data.
2. Stay Updated
Keep your devices, apps, and browsers patched and up-to-date. Attackers can take advantage of unpatched or outdated operating systems.
3. Think Before You Click
Ransomware typically appears in phishing emails either through links to malicious websites or via infected attachments.
Learn about phishing attacks.
4. Check out our ransomware toolkit for videos and flyers with this information!
Responding to a Ransomware Infection
What to do if you believe your system has been infected with ransomware
1. Disconnect From Networks
Unplug Ethernet cables and disable wifi or any other network adapters. This can aid in preventing the spread of the ransomware to shared network resources such as file shares.