What is Ransomware?
Ransomware is malware that encrypts your files and demands payment (usually in cryptocurrency) for the decryption key. Modern ransomware groups also steal data and threaten to leak it, a tactic known as "double extortion."
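One file-level indicator defenders use for the encryption behaviour just described, as an added Python example that is not from the original page: ransomware output has near-maximal byte entropy and no recognisable file header, so a sudden jump in the share of such files between two scans of the same folder is a detection signal. The two folder snapshots are constructed in-memory samples and the entropy threshold and alert fraction are assumptions.

```python
import math
import random
from collections import Counter

# Headers of file types that are legitimately high-entropy (compressed or image
# data); ransomware ciphertext normally carries no recognisable header at all.
KNOWN_MAGIC = (b"%PDF", b"PK\x03\x04", b"\x89PNG", b"\xff\xd8\xff", b"GIF8")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for repetitive text, close to 8.0 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data: bytes, threshold: float = 7.5) -> bool:
    """High entropy AND no known header is the typical post-encryption signature."""
    return shannon_entropy(data) >= threshold and not data.startswith(KNOWN_MAGIC)

def encrypted_files(snapshot: dict) -> list:
    """Names of files in a {name: bytes} snapshot that look encrypted."""
    return sorted(name for name, data in snapshot.items() if looks_encrypted(data))

def mass_encryption_detected(before: dict, after: dict, max_new_fraction: float = 0.25) -> bool:
    """Alert when the share of encrypted-looking files jumps between two scans."""
    def fraction(snap):
        return len(encrypted_files(snap)) / len(snap) if snap else 0.0
    return fraction(after) - fraction(before) > max_new_fraction

# Constructed sample snapshots (assumed folder contents, not real data).
_rng = random.Random(7)
def _ciphertext(n: int) -> bytes:
    return bytes(_rng.getrandbits(8) for _ in range(n))  # stands in for encrypted output

SAMPLE_BEFORE = {
    "q3-report.docx": b"PK\x03\x04" + b"quarterly revenue summary " * 40,
    "notes.txt": b"meeting notes: rotate backups, test restore " * 30,
    # Compressed image data is high-entropy too, but its PNG header keeps it unflagged.
    "logo.png": b"\x89PNG\r\n\x1a\n" + _ciphertext(1200),
}
SAMPLE_AFTER = {
    "q3-report.docx.locked": _ciphertext(1100),
    "notes.txt.locked": _ciphertext(1300),
    "logo.png": SAMPLE_BEFORE["logo.png"],
}

if __name__ == "__main__":
    print("flagged:", encrypted_files(SAMPLE_AFTER))
    print("mass encryption:", mass_encryption_detected(SAMPLE_BEFORE, SAMPLE_AFTER))
```

The header allow-list is what keeps archives and images from tripping the check; in practice it is combined with other signals such as file renames and ransom-note creation, which this example does not cover.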
$20+ Billion in Damages Annually
Ransomware attacks occur every 11 seconds. Average ransom payment exceeds $200,000.
How Ransomware Spreads
- Phishing emails - Malicious attachments or links
- Exploited vulnerabilities - Unpatched software
- Remote Desktop (RDP) - Brute-forced credentials
- Drive-by downloads - Compromised websites
- Supply chain - Infected software updates
Prevention Strategies
Essential Defenses
- Backup, backup, backup - 3-2-1 rule: 3 copies, 2 media types, 1 offsite
- Keep software updated - Patch vulnerabilities promptly
- Email filtering - Block malicious attachments
- Disable macros - In Office documents by default
- Network segmentation - Limit lateral movement
- Least privilege - Users get only the access they need
Offline Backups Are Critical
Ransomware specifically targets backup systems. Keep at least one backup offline or air-gapped where ransomware can't reach it.
If You're Infected
- Disconnect immediately - Unplug network cable, disable WiFi
- Don't pay - No guarantee of decryption, and payment funds more attacks
- Report - Contact law enforcement (FBI IC3 in US)
- Identify the strain - Check nomoreransom.org for free decryptors
- Restore from backup - After wiping infected systems
- Investigate - How did they get in? Close that gap.