What is Ransomware?

Ayisha Bari Headshot
Ayisha Bari
Cyber Security Writer

If you’ve heard of ransomware attacks in the news, you’ll know they can result in big losses for big businesses. But the fact is that organisations of any size can fall victim to an attack, and often the smaller your business is, the more severe the impact.

Ransomware can be carried out easily via phishing techniques, and hackers view it as a lucrative source of income. In this blog, we give you a quick start overview of ransomware, accompanied by some fun and fresh videos from one of our security experts on how it works, the potential risks to business and how to stop it in its tracks.

Explaining ransomware

Ransomware is any type of malware that encrypts your systems, files, and data. When hackers attack using ransomware, they usually attack whole business infrastructure, rendering entire systems inaccessible to users.

Ransomware often gets into an organisation via corrupted files delivered through phishing emails but can get in through malware infected USBs or other hardware and spread through vulnerabilities in Remote Desktop Protocol or Virtual Private Networks.

When a user downloads and opens an attachment or link to a seemingly harmless file, malicious code can be executed which encrypts files and systems data, spreading rapidly between systems.

How does ransomware work?

  • Threat actors will use an attack method such as phishing which relies on users downloading and opening a link or attachment. Plugging in malware infected devices or visiting websites that execute drive by downloads can also introduce ransomware to a system.
  • Ransomware is a type of malware that unlike those used in stealth attacks, makes itself known by spreading rapidly throughout the network, encrypting endpoint user access, and bringing business activities to a halt.
  • Users will be notified via the ransomware itself which displays a message on the screen informing users that their data has been encrypted and demanding payment in return for a decryption key needed to restore files.
  • If the user decides to pay the ransomware to recover their data, they should be provided with a decryption key for unlocking their files. However, they may not receive the key even after payment, or their data may be sold or stolen by attackers to demand further payments.

How to prevent ransomware

Most ransomware attacks are opportunistic and unsophisticated in terms of the malware that is initially deployed, and the good news is that these low effort attacks can be prevented by carrying out basic security measures. Staff training is a great place to start if you want to stop ransomware from getting into your business in the first place, and annual penetration testing will ensure that you don’t leave any vulnerabilities unchecked.

Types of ransomware

Most ransomware works by encrypting files and locking users out of systems, but sometimes hackers may bluff an attack with scareware, which flags up warning signs that a system has been hacked and tries to sell fake security software to fix non-existent problems. Another way hackers deploy ransomware is by stealing confidential business files and information and threatening to leak them on the dark web, known as doxing. Doxware also encrypts files and can lead to double or triple extortion attacks where hackers demand multiple payments to keep stolen data from being leaked in the future.

Ransomware attacks

Ransomware often gains notoriety for proliferating throughout networks and infecting multiple businesses. Some notable attacks include WannaCry, an attack which infected thousands of computers worldwide in 2017, and more recently the MOVEit attack of 2023, which used an existing vulnerability in widely used software to launch a zero-day attack against over 600 businesses, including high profile companies Shell, British Airways, and the US Department of Energy.

Should you pay the ransomware?

While a company might be tempted to pay up out of sheer panic, most cyber security professionals advise against this as there is no guarantee that the hackers will hand over the decryption key. Paying the ransom also encourages more ransomware, as attackers will continue to do it if it proves to be a lucrative revenue stream.

What companies should do instead is fix the vulnerability that led to the ransomware and restore their systems from data backups!

Ayisha Bari Headshot

Meet the author

Ayisha Bari Cyber Security Writer

Ayisha is a tech writer and marketer with a passion for all things cyber and an interest in researching the latest threats. She aims to help teams stay safe online by raising awareness and writing articles that are quick to digest for a busy audience.

Stop ransomware from getting in with a penetration test

Penetration testing can stop ransomware from getting into your business by helping you find and fix your security flaws. Get more info or get a fast pen test quote today.

Discover penetration testing

Related resources

Trusted cyber security & compliance services from a certified provider

Get a quote today

If you are interested in our services, get a free, no obligation quote today by filling out the form below.

(1,500 characters limit)

For more information about how we collect, process and retain your personal data, please see our privacy policy.