Ransomware
Malware is a term used to describe a malicious application used by threat actors to compromise, modify, damage, or destroy applications, data, systems and entire environments. Ransomware is a type of malware designed to block access to computer systems or files until a ransom is paid.
Look for Early Indicators.
-
Suspicious emails - Emails with suspicious links or attachments, which may be used to spread ransomware.
-
Unusual network activity - An increase in network traffic or unusual patterns may be a ransomware attack.
-
Unexpected system behavior - Ransomware can cause freezes, crashes, or slow performance, so investigate any unusual activity.
-
Unauthorized software installations - Monitor software installations and updates, as ransomware can install itself or other malware without the user's knowledge.
Ransomware is one of the most widely publicized types of malware, whereby threat actors will extort payment from their victims by offering decryption tools and keys that will reverse the effects of the ransomware. Data compromise and modification are often used by threat actors in conjunction with ransomware in order to further extort and apply pressure for payment. With the increase in ransom demands, cyber insurance applications are keenly focused on evaluating the risks of a ransomware attack.
A ransomware attack places enormous stress on any organization, but especially small and medium sized businesses that may not have up-to-date backups of all critical data or available IT resources to immediately address the incident and begin restoring compromised systems.