Ransomware is a type of malware that threatens to publish a victim's personal data or perpetually block access to it unless a ransom is paid. More advanced malware uses a technique called crypto-viral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom to be paid to decrypt them.
In a properly implemented extortion attack, recovering the files without the decryption key is an insuperable problem - and difficult to trace digital currencies like Paysafecard or Bitcoin and other cryptocurrencies that are used for ransoms, making it difficult to track and prosecute the offenders.
Defending against ransomware
Having a proper backup solution is a critical component to defending against ransomware. Note that since many ransomware attackers will not only encrypt the victim's live machine, but will also attempt to delete any hot backups stored locally or accessible over the network, it is also critical to maintain "offline" backups of data stored in inaccessible locations on any potentially infected computer, such as external storage drives or devices that do not have access to any network (including the Internet), preventing them from being accessed by the ransomware.
Conclusion
Ransomware is a type of cyber attack in which the victim has their systems encrypted and unable to return to normal operation without a ransom being paid. One of the main vectors of ransomware attacks are security breaches caused by unpatched vulnerabilities, in which the company, for lack of an active security posture, or even complete ignorance of their business risks, face large financial losses.
Comentarios