Ransomware is a form of malware that holds a computer system hostage until a ransom fee is paid. Ransomware typically infiltrates a computer system as a worm or Trojan horse that takes advantage of open security vulnerabilities. Upon compromising a computer, ransomware will typically either lock a user’s system or encrypt files on the computer and then demand payment before restoring the system or files.
Most ransomware attacks occur when someone clicks on an infected email attachment or visits a malicious website. Once the ransomware is launched, it encrypts all files on the user’s device. At this point, the attacker typically threatens to publish the user’s files or hold the encryption key hostage until their demands are met. Because most ransoms are paid in cryptocurrency, it is often difficult to trace and prosecute ransomware hackers.
In recent years, ransomware as a service (RaaS) has developed as a business model for hackers similar to that of legitimate software as a service (SaaS) providers. A single RaaS platform is licensed to multiple hackers with comparable onboarding documentation and monitoring dashboards. In terms of revenue, RaaS products are typically priced on a monthly subscription basis or a one-time fee. In some cases, hackers pay no up-front costs to use the ransomware platform, but share a cut of the ransom with the RaaS developers.
Ransomware attacks have made cybersecurity headlines for more than 30 years. In 1989, the AIDS Trojan—also known as PC Cyborg—was the first known malware attack in which a ransom was demanded to release encrypted files. However, there was a flaw in the malware that neutralized the threat and meant the ransom never needed to be paid.
Nearly two decades later, the high-profile WannaCry attack of 2017 was facilitated by a worm that targeted Microsoft Windows devices. The exploit that drove its spread was allegedly developed by and leaked from the U.S. National Security Agency. Numerous organizations around the world were affected by the attack, including FedEx, the U.K.’s National Health Service, Boeing, Honda, and multiple government agencies.
Most recently, the Colonial Pipeline attack of 2021 created widespread disruption to the oil supply chain across the United States, causing fuel prices to skyrocket. Ultimately, the attackers were paid $5 million in bitcoin, the majority of which was recovered during a federal investigation over the following months.
There are many preventative measures businesses can take to avoid becoming the victim of the next ransomware attack. These include:
This article was updated by Kaiti Norton.