
Ransomware

Ransomware is a type of malware that encrypts a victim's files or locks their entire system, then demands a ransom payment (typically in cryptocurrency) in exchange for the decryption key or system access. It represents one of the most significant cybersecurity threats to businesses and individuals.

What is Ransomware?

Ransomware is a sophisticated form of malware that holds digital assets hostage by encrypting files or locking computer systems, making them inaccessible to legitimate users. Attackers then demand a ransom payment, usually in cryptocurrency like Bitcoin, promising to provide the decryption key upon payment. However, paying the ransom offers no guarantee of data recovery and may encourage further attacks.

How Ransomware Works

Ransomware attacks typically follow this sequence:

  1. Initial infection: Entry through phishing emails, malicious downloads, or exploited vulnerabilities
  2. Propagation: Spreading across the network to maximize impact
  3. Encryption: Files are encrypted using strong cryptographic algorithms
  4. Ransom demand: Display of a ransom note with payment instructions
  5. Payment negotiation: Sometimes involving communication with the attackers
  6. Potential decryption: If the ransom is paid, the attackers may (or may not) provide the decryption key
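The encryption step above is where defenders get their clearest behavioural signal: one process rewriting many files in a short burst with high-entropy (ciphertext-like) content and a changed extension. The following heuristic, added here as an illustration and not code from the original glossary, scores constructed file-write events; process names, paths and thresholds are assumptions.

```python
import math
from collections import defaultdict

# Shannon entropy in bits per byte: close to 8.0 for ciphertext or compressed
# data, well below 7 for most documents, spreadsheets and source code.
def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

# An encrypt-then-rename (report.docx -> report.docx.locked) shows up as a
# write whose destination extension differs from the original one.
def extension_changed(old_path: str, new_path: str) -> bool:
    return old_path.rsplit(".", 1)[-1].lower() != new_path.rsplit(".", 1)[-1].lower()

def flag_mass_encryption(events, window_s=10.0, min_files=5, min_entropy=7.0):
    """events: (time_s, process, old_path, new_path, written_bytes).
    Returns {process: max number of high-entropy, extension-changing writes
    seen inside any window_s span} for processes reaching min_files.
    Backup and archiving tools can look similar, so hits are triage leads."""
    hits = defaultdict(list)  # process -> timestamps of suspicious writes
    for t, proc, old, new, data in events:
        if extension_changed(old, new) and shannon_entropy(data) >= min_entropy:
            hits[proc].append(t)
    flagged = {}
    for proc, times in hits.items():
        times.sort()
        start = 0
        for end in range(len(times)):           # sliding window over timestamps
            while times[end] - times[start] > window_s:
                start += 1
            if end - start + 1 >= min_files:
                flagged[proc] = max(flagged.get(proc, 0), end - start + 1)
    return flagged

# Constructed sample telemetry (hypothetical process names and paths).
CIPHERTEXT_LIKE = bytes(range(256)) * 4                 # entropy exactly 8.0
DOCUMENT_LIKE = b"Quarterly revenue summary, Q3 draft. " * 40   # low entropy
SAMPLE_EVENTS = [
    (100.0 + i, "updater_tmp.exe", f"C:/Users/a/Docs/file{i}.docx",
     f"C:/Users/a/Docs/file{i}.docx.locked", CIPHERTEXT_LIKE) for i in range(8)
] + [
    (105.0, "winword.exe", "C:/Users/a/Docs/memo.docx", "C:/Users/a/Docs/memo.docx", DOCUMENT_LIKE),
    (106.0, "7z.exe", "C:/Users/a/Docs/backup.zip", "C:/Users/a/Docs/backup.zip", CIPHERTEXT_LIKE),
]

if __name__ == "__main__":
    print(flag_mass_encryption(SAMPLE_EVENTS))   # {'updater_tmp.exe': 8}
```

The archiver writes high-entropy data but keeps its extension, and the word processor changes nothing, so only the burst of renamed, encrypted-looking files is flagged.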

Types of Ransomware

Crypto Ransomware

Encrypts valuable files on a system, making them inaccessible without the decryption key. This is the most common and damaging type.

Locker Ransomware

Locks users out of their entire operating system, preventing access to any files or applications without encrypting them.

Scareware

Fake security software that claims to detect problems on the system and demands payment to fix them, though often less harmful than other types.

Doxware (Leakware)

Threatens to publish stolen sensitive data publicly if the ransom isn't paid, adding reputational damage to the threat.

RaaS (Ransomware as a Service)

Ransomware tools and infrastructure sold or rented to other criminals, lowering the barrier to entry for conducting attacks.

Common Ransomware Families

Several notorious ransomware variants have caused widespread damage:

  • WannaCry: Exploited a Windows vulnerability, affecting over 200,000 computers globally
  • Ryuk: Targeted enterprise networks for high-value ransom demands
  • LockBit: Uses automated spreading and encryption techniques
  • REvil: Known for supply chain attacks and high-profile victims
  • Conti: Employed double extortion tactics
  • BlackCat: Advanced ransomware written in the Rust programming language

Delivery Methods

Ransomware commonly spreads through:

  • Phishing emails: Malicious attachments or links in deceptive messages
  • Exploit kits: Automated tools that scan for and exploit vulnerabilities
  • Remote Desktop Protocol (RDP) attacks: Brute-forced or compromised credentials
  • Software vulnerabilities: Unpatched security flaws in operating systems or applications
  • Malicious advertisements: Infected ads on legitimate websites
  • Supply chain attacks: Compromising trusted software or service providers
  • USB drives: Infected removable media

Impact of Ransomware Attacks

The consequences of ransomware can be devastating:

Financial Impact

  • Direct ransom payments
  • System recovery and restoration costs
  • Lost productivity during downtime
  • Legal and regulatory fines
  • Increased insurance premiums

Operational Impact

  • Business disruption and downtime
  • Loss of critical data
  • Service interruption for customers
  • Delayed operations and missed deadlines

Reputational Impact

  • Loss of customer trust
  • Brand damage
  • Competitive disadvantage
  • Negative media coverage

Prevention Strategies

Protecting against ransomware requires multiple defensive layers:

Technical Defenses

  • Regular backups: Maintain offline, immutable backups of critical data
  • Security software: Deploy advanced anti-malware and endpoint detection
  • Network segmentation: Limit lateral movement opportunities
  • Patch management: Keep all systems and software updated
  • Email filtering: Block malicious attachments and links
  • Access controls: Implement least privilege principles
  • Multi-factor authentication: Secure remote access points

Organizational Measures

  • Security awareness training: Educate employees about ransomware risks
  • Incident response planning: Prepare procedures for potential attacks
  • Regular security audits: Identify and address vulnerabilities
  • Vendor security assessment: Evaluate third-party security practices
  • Insurance coverage: Consider cyber insurance policies

Response to Ransomware Attacks

If infected with ransomware:

  1. Isolate infected systems: Disconnect them from the network immediately
  2. Don't pay the ransom: Payment encourages attackers and offers no guarantees
  3. Report to authorities: Contact law enforcement and relevant agencies
  4. Assess the damage: Identify affected systems and data
  5. Restore from backups: Use clean, verified backups to recover
  6. Investigate entry point: Determine how the attack occurred
  7. Strengthen defenses: Address vulnerabilities that allowed the attack
  8. Monitor for reinfection: Watch for signs of persistent threats

Ransomware and Bot Networks

Bots often play a role in ransomware distribution, scanning for vulnerable systems and delivering ransomware payloads. Bot networks may also be used to conduct reconnaissance, identify high-value targets, or launch coordinated ransomware campaigns. Effective bot protection helps prevent both the initial infection vectors and the reconnaissance activities that precede targeted ransomware attacks.
