What is ransomware
and how to prevent
ransomware attacks

Author: Shane Schick

No matter the industry or sector, holding data hostage can bring business operations to a halt. Cyber criminals know this, which is why ransomware attacks have become a critical threat to consider as part of an IT security plan.

According to the Verizon 2021 Data Breach Investigations Report, 10% of data breaches involved ransomware attacks over the past 12 months. This is double the frequency researchers had tracked the previous year. The financial impact was also substantial: 95% of incidents involved amounts starting at $69 and reaching as high as $1,155,775. Attacks have hit major corporations such as Robin Hood and even government entities and the police.

Seasoned business professionals might be familiar with traditional malicious software, or malware, but wonder, "how is ransomware different?" It's important to understand the nature of the threat in order to defend against it.

What is ransomware?

As its name suggests, ransomware attacks go beyond simply stealing corporate data and misusing it or selling it to a third party. Instead, cyber criminals find a way to infiltrate a corporate network or device, encrypt the victim's files and then demand payment in order to restore access.

The ransom demand is sometimes communicated to the victim by a message posted on their device's screen. In addition to a specific amount, attackers might include instructions on how to send payment and stipulate that it needs to be in a currency such as bitcoin.

How ransomware attacks happen

Much like traditional malware, ransomware often makes its way into an organization through phishing schemes. An employee receives an email that might look like a message from a legitimate sender, for example, and contains a request to click on a specific URL. If they do, the ransomware is downloaded and can then take over the victim's device.

Other attack vectors for ransomware include remote desktop protocols (RDP) with weak security credentials or vulnerabilities within software that leave the door open to unauthorized third parties.

Mitigating and managing ransomware attacks

If you're hit with ransomware, you may be able to reboot in safe mode or restore your device to a previous state. This won't decrypt your files, however. Another common best practice is to create separate backups of all your key files and to have effective security monitoring tools in place.

Given how the attacks tend to begin, having a plan to stay ahead of ransomware threats should start by training employees on what is ransomware, what are phishing schemes and how do they work?  At the same time, you should ensure all software is patched and updated.

Make sure your service provider has expertise in ransomware and has developed proactive strategies to minimize your risks.


What is a ransomware attack? +
  • A technique whereby cyber criminals lock a victim out of their device and make it impossible to access their files and data.

How do ransomware attacks work? +
  • After gaining access to a victim's device and encrypting their files, attackers send instructions with their financial demands and payment instructions.

How does ransomware get on your computer or into your IT systems? +
  • Phishing schemes, remote desktop protocols or through software vulnerabilities.

Can ransomware be removed? +
  • Sometimes, if the device is restored to a previous state.

What does ransomware do? +
  • Encrypts files so they cannot be accessed without paying a ransom.