What is ransomware?
Ransomware is one of the biggest cybersecurity problems on the internet and one of the biggest forms of cybercrime that organisations face today. Ransomware is a form of malicious software – malware – that encrypts files and documents on anything from a single PC all the way up to an entire network, including servers.
Victims are left with few choices; they can either regain access to their encrypted network by paying a ransom to the criminals behind the ransomware attack, restore data the from their backups, or hope that there is a decryption key freely available. Or they start again from scratch.
Some ransomware infections start with someone inside an organisation clicking on what looks like an innocent attachment that, when opened, downloads the malicious payload and encrypts the network.
Other, much larger ransomware campaigns use software exploits and flaws, cracked passwords and other vulnerabilities to gain access to organisations using weak points such as internet-facing servers or remote-desktop logins to gain access. The attackers will secretly hunt through the network until they control as much as possible – before encrypting all they can.
SEE: Cybersecurity: Let’s get tactical (ZDNet special report)
It can be a headache for companies of all sizes