Glossary

Ransomware

Ransomware is a specific type of malware that infects an organization’s IT systems and data. It then locks up and encrypts that data, and only decrypts it and allows access once a ransom is paid.

Terms related to Ransomware: Malware, Cybersecurity, Antivirus, Firewall, Vulnerability, Exploit, Encryption, Key, Patch, Social Engineering, Phishing.

Ransomware is a specific type of malware that installs itself on an organization’s or individual’s systems. Once it is installed, it uses malicious code to encrypt the contents of connected devices, including applications and data. Information is encrypted using a powerful, effectively unbreakable encryption key. This encryption makes the computer network, software, and data unusable. CryptoLocker and WannaCry are two of the best-known ransomware variants.

The ransomware then demands payment, often in untraceable cryptocurrency like Bitcoin, for the hackers to decrypt information across the network and on specific devices. Once the ransom is paid, the hackers may then decide to decrypt the data, although this is not guaranteed. For example, in the WannaCry attack, data was not decrypted even after payment was made.

Ransomware can be installed through malicious executables attached to emails, through exploiting system vulnerabilities, or through compromised devices or websites. Ransomware kits are also available on the dark web and can be deployed by criminals with little technical expertise, who rely on the weaknesses in some computer systems to get the ransomware installed and demand payment.

Defenses against ransomware include regular vulnerability scanning and resolution, system and software patches, robust antivirus and firewall tools, and regular backup of data. It’s also vital to educate and train staff to spot potential exploitation attempts, as social engineering and phishing can easily provide access for a ransomware attack.