What is Ransomware?

Ransomware is a type of malware that encrypts data on a victim’s computer and holds its contents for ransom. The victim must pay for the key to decrypt files.  They’ll receive a pop-up message or email with instructions. The ransom is typically demanded in cryptocurrency so the criminal can remain anonymous. Sometimes cyber criminals will not provide the key even after receiving payment.

 

What are the main types?

Unfortunately, it’s relatively easy and inexpensive for cyber criminals to get into the ransomware game. Specific methods include:

  • Off-the-Shelf Ransomware. Cyber criminals can purchase off-the-shelf software from darknet marketplaces and install it on their own servers.

  • Ransomware as a Service. Cyber criminals receive an exploit kit with everything they need to attack. They usually split the profits with the kit provider.

  • Ransomware Affiliate Programs. Cyber criminals who sign up as an affiliate get access to a ransomware-as-a-service model and can distribute it to their own selection of targets.

 

How is it distributed?

Almost three-quarters of ransomware enters through either email or website attachments.

 

How does it work?

  • A user clicks on an infected link or attachment, and the ransomware launches.
  • The infected device communicates with the cyber criminal’s server for instructions. This often includes a download, which subsequently encrypts files.
  • Once this is completed, a ransom email or pop-up message is delivered with a demand for payment in exchange for a decryption key.
  • At the same time, the ransomware tries to move through the organization’s network to infiltrate other systems. 

 

How can today’s requirements be addressed?

There are four steps that need to be taken to stop ransomware:

  • Prevent: Block known ransomware with security solutions at all entry points using the latest threat intelligence.
  • Detect: Identify previously unknown ransomware with a sandbox.
  • Mitigate: Protect in real time with shared actionable intelligence.
  • Prepare: Stay on top of the latest ransomware trends.

 

Where can I learn more about defeating ransomware?

Visit the Fortinet ransomware page for more details.