As its name suggests, ransomware is a type of malware that blocks a user’s access to company files until a ransom is paid.
Ransomware attacks can encrypt a large volume of highly sensitive files, and organizations will often pay the ransom since it’s seemingly the quickest way to avoid further damage.
Ransomware is one of the more common types of malware attack, and a single attack can cost businesses anywhere from a few hundred to several thousand dollars. This range doesn’t account for the costliest aspects of being a ransomware victim, which may include downtime, data loss, compliance issues, customer churn, bad publicity, and legal consequences.
The emergence of ransomware-as-a-service (RaaS) has increased the relevance of ransomware attacks. Through a subscription model, hackers receive a kit with everything they need to launch an attack, including ransomware code and a decryption key. RaaS means low-skilled hackers can present significant threats to an organization’s cybersecurity.
Ransomware attacks frequently surface in the news as hackers attempt to exploit vulnerable institutions, often in high-stakes industries such as healthcare. While numerous ransomware variants exist, several high-profile examples are notorious for the devastation they have inflicted on their victims. They include:
- Ryuk. Ransomware that spreads initially through a phishing email and installs an exploit kit, often Trickbot or Emotet.
- Maze. A variant of ChaCha, Maze is often delivered through spam emails that contain malicious links or attachments, remote desktop protocol (RDP) attacks, or exploit kits.
- REvil (Sodinokibi). A strain of ransomware delivered through phishing emails, exploit kits, and server vulnerabilities. REvil is available as RaaS.
- Mailto (NetWalker). First detected in August 2019, this ransomware variant spreads via phishing and password-spraying campaigns.
- DarkSide. A variant responsible for the Colonial Pipeline attacks in May 2021, DarkSide is delivered through RDP brute force attacks and is available as RaaS.
Common delivery methods for ransomware
- Phishing emails
- RDP brute force attacks
- Server vulnerabilities
- Exploit kits
- Compromised accounts
Protecting yourself from a ransomware attack requires a comprehensive approach to cybersecurity. This includes practicing good cyber hygiene, such as regularly scanning your network for vulnerabilities, keeping software and operating systems up to date, and providing user awareness training. It also includes other forms of protection:
- Anti-malware solution
- Anti-phishing solution
- Anti-spear-phishing solution
- Anti-virus software