Imagine you are working late one night when an alarming message pops up on your computer screen. It says someone has taken control of your entire network and you no longer have access to any of your critical files, financial records, or confidential client accounts — unless you pay a fee. You have just become the victim of ransomware. Though it may sound like the plot of a spy thriller, ransomware attacks happen to millions of businesses, organizations, and individuals every year.
What is Ransomware?
Ransomware is a category of malicious software, or malware, that locks users out of their systems unless they pay a ransom to the attacker. It works by encrypting system files so they are no longer readable. The victim must pay some form of compensation to regain control of their system and data.
Ransomware attacks usually originate from links or URLs embedded in email messages, or websites that utilize drive-by downloads to plant malicious files on a user’s computer. In the case of the recent WannaCry ransomware outbreak, attackers exploited a flaw in the Windows Server Message Block (SMB) Protocol to lock users out of their files and spread the infection to other users on the network.
After notifying the user that their system is compromised, the attacker will offer to unlock several files to prove that decryption is possible. Next, the user will be given a set amount of time to pay the ransom, which can range from a few hundred to several thousand dollars. Even after payment is sent, there is no guarantee the cybercriminal will hold up their end of the bargain and the victim may never feel secure again. Meanwhile, valuable time and resources have been lost.