Ransomware

TECHNICAL DEFINITION

Ransomware is a sophisticated cyberattack involving malicious software (malware) that encrypts a victim's data, rendering it inaccessible, and demands a ransom payment, typically in cryptocurrency, for the decryption key or to prevent data exfiltration, representing a significant threat to data integrity and operational continuity across organizations.

BACKGROUND

Ransomware is a type of malware that encrypts the victim's personal data until a ransom is paid. Difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are commonly used for the ransoms, making tracing and prosecuting the perpetrators difficult. Sometimes the original files can be retrieved without paying the ransom due to implementation mistakes, leaked cryptographic keys or a complete lack of encryption in the ransomware.

SYNONYMS & ALIASES

• ransom malware
• cryptovirus
• crypto-ransomware
• extortionware

USAGE NOTE

It is a pervasive cyber threat that can cripple organizations, forcing a difficult decision on whether to pay the ransom or attempt recovery from backups.

DEVELOPERS

Organizations developing technology related to Ransomware.

• CrowdStrike

  A cybersecurity technology company that provides cloud-delivered endpoint protection, threat intelligence, and incident response services, with strong capabilities in preventing and detecting ransomware.

• Palo Alto Networks

  A global cybersecurity leader providing next-generation firewalls, cloud security, and security operations solutions designed to prevent sophisticated cyberattacks, including ransomware.

• Sophos

  Develops a range of cybersecurity products including endpoint protection, encryption, network security, and unified threat management, with specific technologies focused on detecting and blocking ransomware.

• Trend Micro

  Offers cybersecurity solutions for enterprises, small businesses, and consumers, including advanced threat protection against ransomware for endpoints, servers, and cloud environments.

• Veeam

  Specializes in backup, disaster recovery, and data management software, which is crucial for organizations to recover from ransomware attacks by restoring data.

• Fortinet

  Provides a broad portfolio of cybersecurity solutions including firewalls, endpoint security, and network security, all contributing to a comprehensive defense against ransomware.

• Microsoft

  Develops extensive cybersecurity features within its operating systems, cloud services (Azure), and security products (Microsoft Defender suite) to protect against ransomware and aid in recovery.

• Mandiant (Google Cloud)

  A leading provider of incident response, threat intelligence, and security advisory services, specializing in helping organizations respond to and recover from sophisticated cyberattacks, including ransomware.