Everything You Need To Know About Ransomware

Understand. Prevent. Recover.

What Is Ransomware? 

As attacks continue to multiply, the question is asked more and more often: What is ransomware? Simply put, ransomware is malware that makes a victim’s data or systems unusable, usually by encrypting files, and then extorts money in exchange for restoring access. Increasingly, attackers also steal copies of the data first and threaten to publish it if the ransom is not paid.

The Attack

The attack proper begins once a bad actor has gained entry into an organization’s systems. Once inside, the intruders deploy malware that encrypts some or all of the target’s files, making them inaccessible. They then notify the victim, typically by leaving a ransom note on every affected machine. The note promises to hand over the key needed to decrypt the files in exchange for a fee, almost always payable in cryptocurrency such as Bitcoin.

The Scourge

Over the past several years, ransomware has quickly become the scourge of the IT industry. It has crippled some organizations, bankrupted others, and become the source of greatest fear among IT security professionals.

The Scope

Ransomware has been around for decades now—since the late 1980s, in fact—but in the last few years it has eclipsed most other types of security breaches in its scope and severity. Ransomware attacks are getting more sophisticated and easier to launch, as tools that automate these attacks have begun to proliferate, and even be provided as a service.

The Turning Point

A turning point in the public’s perception of ransomware’s dangers came in May 2021 with the attack on Colonial Pipeline in the U.S., which caused fuel shortages along the East Coast, among other problems. The attackers got into the company’s network with a single compromised password for a VPN account that was not protected by multi-factor authentication.

How Does Ransomware Work?

How does ransomware work? It starts with a weakness the attacker can use to get in. That weakness can take many forms: a phishing email whose attachment or link someone opens, a compromised or reused password, or a malicious website a worker is persuaded to visit.
The less secure an organization’s IT infrastructure, the more likely it is to be victimized by ransomware. An unpatched, Internet-facing server is especially exposed, as is an application that is not kept up to date. Remote-access services such as VPN gateways and Remote Desktop that are reachable from the Internet, and routers or firewalls with known flaws, give attackers a direct path in. Operating systems of all kinds are targets.
The same goes for end-user systems: desktops, laptops, and mobile phones. Attacks typically combine social engineering (fooling users into unsafe actions like clicking on email links or opening attachments) with technical methods of entry, such as automated scanning for unpatched vulnerabilities. Whatever the entry point, the attackers usually spend time moving through the network and gathering credentials before they trigger the encryption, which is why a single infected laptop can turn into an organization-wide outage.

Once it gets on the network ... 

... it can be Game Over for an organization that is unprepared. Files are encrypted, and the only way to decrypt them is with the key held by the attacker. At that point, the choice is to pay up (usually in Bitcoin or another cryptocurrency), restore from backups the attacker could not reach, or lose the data.
Companies are having discussions on whether or not to pay the ransom. Paying is unwise, for numerous reasons. Two of the most important are:
Rarely is all the data recovered. Surveys of victims who paid report getting back only about 65% of their data on average, and attacker-supplied decryptors are often slow and unreliable.
Once a company shows a willingness to pay, it becomes a more attractive target. This can take the form of another ransomware attack soon after the first, or a blackmail attempt in which the criminals threaten to publicly release confidential data they stole before encrypting it unless the company pays again.
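The encryption stage described above leaves traces a defender can look for: files renamed with an attacker’s extension, ransom notes dropped into directories, and files that should be readable text but now contain bytes with near-maximum entropy (ciphertext is statistically indistinguishable from random data). The following scanner is an added example, not code from this page or the book it promotes; the extension and note-name lists are short illustrative samples, and the sample directory it builds uses random bytes to stand in for ciphertext.

```python
"""Heuristic scan for the after-effects of ransomware encryption.

Added example. Three signals are checked per file: an extension known to be
appended by ransomware, a ransom-note filename, and content whose byte entropy
is near 8 bits/byte in a file that should be plain text. The lists below are
short illustrative samples (an assumption), not a complete catalogue.
"""
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed sample lists; a real deployment would load these from threat-intel feeds.
SUSPECT_EXTENSIONS = {".locked", ".encrypted", ".crypt", ".wncry"}
RANSOM_NOTE_NAMES = {"readme_decrypt.txt", "how_to_recover_files.txt", "restore_my_files.txt"}
# Extensions whose content should be human-readable text.
TEXT_LIKE = {".txt", ".csv", ".log", ".json", ".xml"}
# English text sits around 4-5 bits/byte; ciphertext and compressed data approach 8.
ENTROPY_THRESHOLD = 7.5
SAMPLE_BYTES = 65536


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, maximum 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in Counter(data).values())


def scan_tree(root: str) -> dict[str, list[str]]:
    """Walk `root` and return {relative_path: [reasons]} for every suspicious file."""
    findings: dict[str, list[str]] = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        reasons = []
        ext = path.suffix.lower()
        if ext in SUSPECT_EXTENSIONS:
            reasons.append(f"ransomware extension {ext}")
        if path.name.lower() in RANSOM_NOTE_NAMES:
            reasons.append("ransom note filename")
        if ext in TEXT_LIKE:
            # Only the first 64 KiB is sampled; that is enough to classify the content.
            entropy = shannon_entropy(path.read_bytes()[:SAMPLE_BYTES])
            if entropy > ENTROPY_THRESHOLD:
                reasons.append(f"text extension but entropy {entropy:.2f} bits/byte")
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings


def build_sample_tree() -> str:
    """Constructed sample directory: two intact files plus three artifacts of an attack."""
    root = tempfile.mkdtemp(prefix="rw-demo-")
    (Path(root) / "minutes.txt").write_text("Quarterly planning minutes. " * 300)
    (Path(root) / "config.json").write_text('{"retention_days": 30, "owner": "ops"}')
    # Spreadsheet overwritten in place with ciphertext; random bytes stand in for it.
    (Path(root) / "budget.csv").write_bytes(os.urandom(4096))
    # File encrypted and renamed with an appended extension.
    (Path(root) / "report.docx.locked").write_bytes(os.urandom(4096))
    (Path(root) / "README_DECRYPT.txt").write_text("Your files are encrypted. Contact us to buy the key.")
    return root


if __name__ == "__main__":
    for rel, why in sorted(scan_tree(build_sample_tree()).items()):
        print(f"{rel}: {'; '.join(why)}")
```

The entropy test is deliberately applied only to extensions that should hold text: archives, images and already-encrypted files legitimately score near 8 bits/byte and would otherwise flood the results. In practice this kind of scan is paired with canary files that nothing legitimate should touch and with monitoring of the rate of file renames per host, so that encryption is caught while it is happening rather than after the fact.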

How To Prevent Ransomware?

IT security workers these days are obsessed with thoughts of how to prevent ransomware. The costs in terms of not only paying the ransom, but revenue losses due to business downtime can be devastating to an organization. In addition, no one wants their organization’s name to appear in the media as a ransomware victim, as reputational damage can be as bad, or worse, than the financial consequences of an attack.

Fortunately, there are a number of steps you can take to prevent ransomware.

The No.1 Way!

One of the most important—and overlooked—steps is educating your employees on how to spot phishing attacks. This is still the No. 1 way that ransomware attacks begin.

First Line of Defense

To that end, show your users how to spot a suspicious email. The telltale marks include poor spelling or grammar, an urgent request that must be acted upon immediately, a sender address that does not match the name displayed, and links whose real destination differs from the text shown. Warn them against opening unexpected attachments or enabling macros in documents, and tell them to verify with the sender through a separate channel, such as a phone call rather than a reply to the email, whenever they are unsure whether a message is genuine.
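Users only see the display name, the subject and the body; the mail server sees more. The script below is an added example, not code from this page, that automates the telltale marks listed above and adds the header checks a user never sees: the bounce address and Reply-To pointing at domains other than the visible sender, a failed SPF/DKIM verdict recorded by the receiving server, and an attachment type that can run code. Both messages it analyzes are constructed samples with hypothetical domains.

```python
"""Header and content checks for a suspicious email (added example).

Both messages at the bottom are constructed samples; the domains are
hypothetical. The phrase and extension lists are illustrative assumptions.
"""
import email
from email import policy
from email.utils import parseaddr

URGENT_PHRASES = ("immediately", "urgent", "within 24 hours", "will be suspended")
RISKY_ATTACHMENT_EXT = (".exe", ".js", ".vbs", ".scr", ".iso", ".lnk", ".docm", ".xlsm")


def _domain(header_value: str) -> str:
    """Bare lower-cased domain from a header such as 'Name <user@host>' ('' if absent)."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()


def analyze_message(raw: bytes) -> list[str]:
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    from_domain = _domain(str(msg.get("From", "")))
    return_path_domain = _domain(str(msg.get("Return-Path", "")))
    reply_to_domain = _domain(str(msg.get("Reply-To", "")))

    # Bounce address belongs to a different domain than the visible sender.
    if return_path_domain and return_path_domain != from_domain:
        findings.append(f"return-path-mismatch:{return_path_domain}")
    # Replies are silently routed somewhere other than the visible sender.
    if reply_to_domain and reply_to_domain != from_domain:
        findings.append(f"reply-to-mismatch:{reply_to_domain}")

    # The receiving mail server's own SPF/DKIM/DMARC verdict, if it recorded one.
    auth = str(msg.get("Authentication-Results", "")).lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in auth:
            findings.append(f"auth-fail:{check}")

    # Pressure language in the subject or the plain-text body.
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")).lower()
    hits = [p for p in URGENT_PHRASES if p in text]
    if hits:
        findings.append("urgency:" + ",".join(hits))

    # Attachments that can execute code when opened.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_ATTACHMENT_EXT):
            findings.append(f"risky-attachment:{name}")
    return findings


# Constructed phishing sample: lookalike domain, mismatched headers, macro attachment.
PHISH_SAMPLE = b"""\
Return-Path: <bounce@bulk-sender.example>
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=bulk-sender.example; dkim=none
From: Corp IT Helpdesk <helpdesk@corp-example-login.example>
Reply-To: recover@webmail-free.example
To: jane@corp.example
Subject: URGENT: your password expires today
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your mailbox will be suspended unless you open the attached form immediately.
--b1
Content-Type: application/octet-stream; name="reset_form.docm"
Content-Disposition: attachment; filename="reset_form.docm"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

# Constructed legitimate sample: consistent domains, passing checks, no attachment.
BENIGN_SAMPLE = b"""\
Return-Path: <helpdesk@corp.example>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example; dkim=pass
From: Corp IT Helpdesk <helpdesk@corp.example>
To: jane@corp.example
Subject: Scheduled maintenance this weekend

The VPN concentrator will be patched on Saturday between 02:00 and 04:00.
"""

if __name__ == "__main__":
    print("phish :", analyze_message(PHISH_SAMPLE))
    print("benign:", analyze_message(BENIGN_SAMPLE))
```

None of these signals is conclusive on its own (legitimate bulk mailers routinely use a different Return-Path domain), which is why the function reports every finding rather than a single verdict; a mail gateway would weight them, and the combination of a failed SPF check, a redirected Reply-To and a macro-enabled attachment is about as clear as phishing gets.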

Admin's Role

Admins can do their part by reviewing all permissions across the organization, removing access people no longer need, and setting strict password policies. Enforce a minimum length, reject passwords that appear in known breach lists, and require multi-factor authentication on every remote-access and administrative account: a compromised password on an account without MFA is exactly how the Colonial Pipeline intrusion started. Requiring a mix of uppercase and lowercase letters, numbers, and special characters is common practice, but length and breach screening do more to stop attackers than complexity rules.

Crucial Steps

It’s also crucial to harden your systems. That starts with making sure every device on your network, whether a server, switch, router, laptop, or phone, is patched and fully up to date, with Internet-facing systems patched first. Block unknown removable media such as USB sticks, segment the network so that one compromised workstation cannot reach every server, and move toward a Zero Trust model, in which every user and device must authenticate and prove its health before it is granted access to any resource, rather than being trusted simply because it is inside the network.

Need Help?

This all sounds overwhelming, but there are plenty of vendors out there to help. They can automate much of these processes, and they’ll work closely with you to keep the bad guys out.


How To Remove Ransomware

So, you’ve been hit by ransomware. Don’t feel bad.  
It’s a big—and unfortunately, growing—club.

Step 1 - Shock!

After the initial shock, the first practical step is containment: disconnect affected machines from the network so that the encryption and the attackers’ lateral movement stop, and preserve the ransom note and a disk image of at least one infected system for the investigation. Then you’ll need to know how to remove ransomware. Fortunately, there are a growing number of methods to do this, including many vendor solutions that make it easier.

To Pay or Not to Pay

The first, but worst, instinct of many companies is to simply pay the ransom, get the key from the attackers to decrypt their files, and restore their data. This is the most obvious fix, and would seem to be the easiest and quickest way to start undoing the damage.

Resist the Urge

You should resist this urge. For one thing, surveys of victims who paid show that for a typical ransomware attack, only about 65% of the victim’s data is actually restored. That’s a very poor return on your payment.

Once Is Not Enough

The second reason is that once you’ve indicated your willingness to pay, the criminals are likely to target you again, either via another ransomware attack, a blackmail attempt in which they threaten to release sensitive information stolen from your files, or both. In fact, you can’t even be sure you’ll get a working decryption key from the attackers.

A Better Option

A better way is to check whether a free decryption tool exists for the strain that hit you. Security firms and law enforcement publish decryptors for families whose keys have been seized or whose encryption was implemented badly (the No More Ransom project collects many of them). Identify the variant first, from the ransom note and the extension appended to encrypted files, and run any decryptor against a copy of the encrypted data, never the only copy you have. This method is a bit of a shot in the dark, since new variants are released constantly and most current strains have no decryptor. A decryptor also only recovers files; the infected systems should still be rebuilt from known-good images, because the attackers’ foothold may remain.

Lock It Down

Ultimately, the best way to remove ransomware is by being proactive. That means having immutable (i.e., unchangeable) backups of your precious data ready to be restored quickly: copies kept offline or on storage that enforces write-once retention, so that an attacker who has taken over your network cannot encrypt or delete them along with everything else, and restores that are tested regularly rather than assumed to work. There are many vendors working in this space, who offer automated backup and restore capabilities both on-premises and in the cloud for extra resilience.
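Immutability is a property of the storage (offline media, or object storage with a write-once retention lock), but a backup is only useful if you can tell, at restore time, that it is still the backup you took. The script below is an added example, not code from this page or any backup vendor: it records a SHA-256 manifest when the backup set is taken and compares the set against it before a restore, so that a copy the attacker reached is noticed before it is restored over the last good data. The directory layout and files are constructed for the demonstration, and the "attack" is simulated by overwriting, deleting and adding files rather than by real encryption.

```python
"""Integrity check for a backup set before it is trusted for a restore (added example).

The manifest is written beside the backup set, not inside it, and in real use
should live on separate, write-once storage (an assumption of this demo is
that the attacker could not alter it).
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hex SHA-256 of a file, read in 1 MiB chunks so large backups do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def write_manifest(backup_root: Path) -> Path:
    """Record a digest for every file in the backup set; returns the manifest path."""
    entries = {p.relative_to(backup_root).as_posix(): sha256_file(p)
               for p in sorted(backup_root.rglob("*")) if p.is_file()}
    manifest = backup_root.parent / (backup_root.name + ".manifest.json")
    manifest.write_text(json.dumps(entries, indent=1))
    return manifest


def verify_backup(backup_root: Path, manifest: Path) -> dict[str, list[str]]:
    """Compare the backup set against its manifest. Empty lists on every key mean it is clean."""
    expected = json.loads(manifest.read_text())
    present = {p.relative_to(backup_root).as_posix(): p
               for p in backup_root.rglob("*") if p.is_file()}
    return {
        # Same path, different content: the signature of in-place encryption.
        "modified": sorted(r for r, d in expected.items()
                           if r in present and sha256_file(present[r]) != d),
        # Deleted or renamed (ransomware often appends its own extension).
        "missing": sorted(r for r in expected if r not in present),
        # Not in the manifest: ransom notes, or renamed ciphertext.
        "unexpected": sorted(r for r in present if r not in expected),
    }


def demo() -> dict[str, list[str]]:
    """Take a backup, verify it clean, then simulate an attacker reaching the copy."""
    work = Path(tempfile.mkdtemp(prefix="bk-demo-"))
    backup = work / "nightly"
    (backup / "finance").mkdir(parents=True)
    (backup / "finance" / "ledger.csv").write_text("date,amount\n2021-09-01,1200\n")
    (backup / "notes.txt").write_text("Restore order: database first, then file shares.\n")
    manifest = write_manifest(backup)
    clean = verify_backup(backup, manifest)
    if any(clean.values()):
        raise RuntimeError(f"fresh backup failed verification: {clean}")

    # Simulated attack on a backup that was NOT immutable: one file overwritten
    # in place, one deleted, and a ransom note dropped. No real encryption is used.
    (backup / "finance" / "ledger.csv").write_bytes(b"\x8f\x1a\x3c" * 40)
    (backup / "notes.txt").unlink()
    (backup / "RESTORE_FILES.txt").write_text("Pay to recover your data.\n")
    result = verify_backup(backup, manifest)
    shutil.rmtree(work)
    return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

If the manifest sits on the same writable share as the backup, an attacker who can encrypt the backup can rewrite the manifest too; store it (or at least its own digest) on the write-once side, and treat a non-empty "modified" or "missing" list as a reason to fall back to an older, offline generation rather than restore what you have.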


The Real Cost of Ransomware


It’s common to think that paying the fee is the most expensive part of being hit by a ransomware attack. But in most cases, that’s a false assumption. So how much does ransomware cost in real-world scenarios? More than you imagine.


Let’s start with the cost of downtime for your organization. If you have a high-volume online sales platform, for instance, any downtime is expensive. And the downtime to recover from a ransomware attack, which can involve many steps, can be devastating.


Then consider the cost to your business’s reputation. If you’re in the news from a ransomware attack, that can influence current and potential customers, as well as advertisers, partners, and so on. Losing that trust directly affects your company’s bottom line.


You’re also likely to implement much stronger cybersecurity measures, which may cost a bundle. You’ll also see an increase in insurance premiums, including ransomware insurance. There’s also the possibility of legal issues arising, settlements, etc. It could get very ugly.
In other words, paying the ransom may be the least of your financial worries from an attack.

Examples of Ransomware

What kinds of ransomware is out there in the wild?
While there are plenty of ransomware examples, and a nearly infinite number of variations, some types remain popular with hackers, and pop up again and again.
WannaCry is one of the most famous ransomware examples. Released in May 2017, it hit an estimated 200,000 computers in about 150 countries. Unlike most ransomware, it spread on its own as a worm, using an exploit for a Windows SMB vulnerability that Microsoft had patched two months earlier, so unpatched systems were hit without anyone clicking anything. U.S. and U.K. officials attributed the attack to North Korea.
CryptoLocker was released in 2013. Its most notable aspect is that it was the first widely spread ransomware to demand payment in cryptocurrency. That opened the floodgates for ransomware becoming a plague, since anonymous, irreversible payment created a business model for attackers.
Locky, which descended on the world in 2016, became one of the most widespread ransomware campaigns of its day, delivered by phishing emails carrying malicious Office macro attachments and sent out at rates of as many as 500,000 emails per day. It’s worth noting that 2016 has been called “The Year of Ransomware,” since many different families appeared that year, including Petya, SamSam, Cerber, and others.

Ransomware in the News

Ransomware news is everywhere these days. It’s nearly impossible for a week to go by without reading or hearing about another company that was hit by an attack.

Colonial Pipeline

The most recent gold standard for ransomware in the news, of course, is the Colonial Pipeline attack in May 2021. In that attack, which hit the pipeline supplying about 45% of the fuel used on the East Coast of the United States, a criminal gang calling itself DarkSide caused the company to shut the pipeline down and the price of fuel to spike briefly.

Wakeup Call

It served as a wakeup call to many—not only the brazenness of the attack, but the ability of ransomware to take out a critical bit of U.S. infrastructure shook up the IT industry, bringing a new urgency to efforts to protect and defend against the ransomware plague.

Have You Heard

In a recent story about the growing threat of ransomware, it was reported in late September 2021 that a ransomware gang believed to operate from Russia attacked two farming co-ops, one in Iowa and one in Minnesota. The Minnesota attack badly disrupted the victim’s daily operations. In the Iowa attack, the hackers demanded a $5.9 million payment in cryptocurrency, the favored payment method.
Unfortunately, the ransomware news isn’t likely to slow down anytime soon.

What Is

" is dedicated to combatting the plague of ransomware. We help readers understand the threat, take proactive steps to protect themselves, and show them how to recover if they are victimized."

From The Blog

The Real Costs of Ransomware
To make a rational risk assessment about any scenario, you need to know what the possible outcomes are, and the consequences of each outcome. The alternative to proactive investment is reactive crisis response, which most frequently manifests in the form of this question when it comes to ransomware:...
Ransomware Gangs Enter the ‘Exploit-as-a-Service’ Market
Readers of this site (as well as our book, “Ransomware: Understand. Prevent. Recover”) will know that ransomware-as-a-service is becoming a popular way for cybercriminals to make money. Now that service model is being applied to zero-day exploits, leading to the rise of “exploit-as-a-service....
Two Prominent Ransomware Hackers Targeted by U.S. Authorities
“Our message to ransomware criminals is clear: If you target victims here, we will target you,” reads the warning from Deputy U.S. Attorney General Lisa Monaco. It’s no idle threat, either—it was attached to a press release detailing the arrest of two people allegedly involved in several Sod...
BlackMatter Ransomware Group Allegedly Ceases Operations
Oh BlackMatter, we hardly knew ye. The criminal ransomware gang that first appeared in July 2021 has apparently ceased operations as of November 2021. In that short lifespan, however, it still managed to wreak significant havoc with its attacks. Vx-underground, which tracks ransomware, Tweeted out p...
Ransomware Group Finds New Way To Exploit Victims
In business, when one profit stream slows down and starts to dry up, other revenue streams have to be found. This is true even of ransomware, which is big business these days. That may be why the notorious group Conti is branching out into a potentially new area—selling data from victims to the hi...
Ransomware Group REvil Suffers Its Own Attack
The criminal gang REvil, behind several of the most damaging ransomware attacks of 2021, got a taste of its own medicine recently, when it was hacked and taken offline. Reuters reports that the cybercriminal organization, based out of Russia, was targeted by a “multi-country operation,”...