What Is Ransomware?

What Is Ransomware?

Ransomware is malware that restricts or prevents a user from accessing files on their device until a ransom is paid. Ransomware works by encrypting the files on a target device, effectively blocking the user's access.

Over the past several years, ransomware has become the most widespread, expensive, and destructive form of malware. With criminals increasingly targeting critical infrastructure and a new ransomware attack occurring roughly every eleven seconds, it’s a threat that can cripple not just organizations but also critical infrastructure. Recent high-profile attacks such as Colonial Pipeline represent unsettling attestations to this. 

The problem is only growing worse. Many criminals are now resorting to double, triple, and even quadruple extortion strategies, and the average ransomware attack cost has already topped seven figures. 

How Ransomware Works

At its most basic, ransomware is simply a digital extortion scheme. It uses encryption to lock down systems and devices to force the victim to pay a ransom. An infected device could be anything from an office PC to critical hospital infrastructure.

This means that ransomware has the very real potential to put lives at risk. 

Some ransomware does more than simply lock access. It may also be capable of exfiltrating data for distribution, sale, or further extortion attempts. Some ransomware programs are also designed for lateral movement, while others can completely wipe out infected systems. 

Recent Ransomware Attack

The Colonial Pipeline breach is one of the most significant and troubling ransomware attacks in recent memory, but 2022 has had its fair share of devastating incidents, as well.

Bernalillo County

Echoing the cyberattack against Baltimore in 2019, Bernalillo County saw the entirety of its government services brought to a screeching halt by ransomware in early January. 

Costa Rica

Beginning in early April, ransomware group Conti targeted the Costa Rica government with ransomware, completely disrupting the ministry of finance and causing the country to declare a national emergency. A second attack a month later targeted the Costa Rican social security fund. In February, another victim of Conti, KP Snacks, had to deal with a crumbling supply chain after its order management system was locked down by ransomware. 

French Ministry of Justice.

In late January, the LockBit ransomware group claimed to have hacked France’s Justice Minister, threatening to publish sensitive documents if the Ministry failed to pay a ransom.

Toyota

In March, Toyota was forced to halt production at all Japanese plants in the wake of a ransomware attack on a major supplier. 

Parker Hannifin

Aerospace, mobile, and industrial OEM Parker Hannifin confirmed in April that it suffered a ransomware attack, courtesy of Conti. The ransomware group published 5 gigabytes of employee data, claiming it was three percent of what it exfiltrated. 

Kellogg Community College

A Michigan-based college was forced to close its campus and cancel all classes after being hit by a ransomware attack. The college restored operations quickly and issued a mandatory password reset for all students along with multi-factor authentication.  

City of Palermo

Ransomware group Vice Society targeted government services in Palermo, Italy in June, causing widespread outages that impacted roughly 1.3 million people. 

Baton Rouge General Medical Center

In early July, this major Mississippi hospital was forced to revert to paper medical records after its EHR system was brought low by ransomware. 

Port Phillip Prison

In July, one of Australia’s largest prisons had to suspend visits after a ransomware attack took control of its entire network. 

How to Prevent Ransomware

Ransomware prevention doesn’t need to be difficult, costly, or complicated—instead, your organization can significantly improve its defenses with just a few steps: 

  • Employee training and education
  • Proper software lifecycle management
  • Air-gapped, redundant backups
  • The right tools from the right vendors

CylanceGUARD for Ransomware Protection

As a human-centric subscription-based 24x7x365 Managed XDR service, CylanceGUARD® provides the expertise and support businesses need to prevent and protect against ransomware attacks. CylanceGUARD combines the comprehensive expertise embodied by BlackBerry Cybersecurity Services with AI-based Endpoint Protection (EPP) through CylancePROTECT®, continuous authentication and analytics through CylancePERSONA, and on-device threat detection and remediation through CylanceOPTICS®. In short, CylanceGUARD provides business with the people and technology needed to protect the enterprise from the modern threat landscape.
LEARN MORE

Related Resources:

Resource Icon Data Loss Prevention (DLP) Resource Icon Endpoint Security Resource Icon Endpoint Protection Platforms (EPP) Resource Icon Endpoint Detection and Response (EDR) Resource Icon Extended Detection and Response (XDR) Resource Icon Identity and Access Management (IAM) Resource Icon Managed Detection and Response Resource Icon Managed XDR Resource Icon MITRE ATT&CK Framework Resource Icon Mobile Threat Defense (MTD) Resource Icon User and Entity Behavior Analytics (UEBA) Resource Icon Zero Trust Architecture Resource Icon Zero Trust Network Access (ZTNA) Resource Icon Zero Trust Security Resource Icon Security Information and Event Management (SIEM) Resource Icon Secure Access Service Edge (SASE)
More Resources