Ransomware is a type of malware that makes data inaccessible. When
ransomware infects a device, it will either lock your screen or encrypt all
your files. It may be contained to a single device but can also make the
data of an entire organization inaccessible. Once the files are inaccessible
the threat actor will send you a message indicating the ransom that must be
paid in order to regain access to your files. This payment is typically
requested in cryptocurrency as it is harder to track. The threat actor may
also threaten to leak private information or threaten your clients directly
if you do not pay right away.
How to protect yourself
A cyber criminal must be able to gain access to your system prior to
initiating a ransomware attack. Follow these
best practices
to keep cyber criminals out of your systems and devices.
It is important to back up your data regularly. You can back up your data on
an external hard drive or on the cloud. If your data is encrypted by a
ransomware attack, you can recover your data by using your backup.
What to do if you fall victim
If you think that you may have been the victim of a ransomware attack, take
these steps:
Tell your organization’s cyber security team.
Remove the malware from your device(s). If you are unable to do so
yourself, get assistance from a cyber security professional.
Restore your systems with your data backup.
Change all passwords to online accounts.
Double- and triple-extortion ransomware
Traditional ransomware attacks only demand payment to decrypt the files.
Recent ransomware attacks are more complex. In double-extortion ransomware
attacks, the threat actors demand a ransom and threaten to leak private
information. In triple-extortion ransomware attacks, the threat actor
demands a ransom payment, threatens to leak private information, and sends
ransom demands to the users or customers of the impacted institution.
