Hey everyone! It’s time for another “ask me” post.
If you’re new, welcome! Allow me to explain a bit…
It is my hope that I can help explain things related to cyber and information security (or InfoSec) to non-technical, everyday people.
I don’t want these to be long, lengthy, drawn-out posts. It is my goal to make these short, sweet, and to the point. I hope you enjoy these, and hopefully learn something from them as well. 🙂
With that said…
What is Ransomware?
Here’s a term I’m sure a lot of you have been seeing/hearing a LOT of being thrown around the interwebs/media.
“BREAKING: XYZ Company has just announced that they’ve been infected by ransomware…”
“So-and-So Corporation has just been breached by hackers and infected with ransomware…”
What exactly IS ransomware?
Quite simply, ransomware is malicious software, better known as malware. The objective of this malware is to simply hold data for ransom. It’s usually accomplished by infiltrating a user’s/business’s network, finding any valuable data, and then encrypting that data so that it’s unreadable by the victim. The cyber criminals then contact the company and ask for a ransom to be paid in order for them to decrypt their data, and restore it.
In the early days, the criminals would simply encrypt the data, and when the ransom was paid, they would offer the means to decrypt the data, and be on their merry way. Now, they have taken to extracting copies of any valuable or incriminating data before encrypting everything, and then threatening to leak or expose their findings to the public, or even sell the valuable data to the highest bidder (other criminals, or even competing businesses!) if the ransom is not paid.
Get this: to even better “support” the victims, most organizations that create ransomware have help desks, and even call centers to assist victims with payment and decryption of their data. Nothing like being helpful, right? 😛
I hope this has helped you better understand what ransomware is, and how nasty it can be. If any of you have questions that you’d like answered, be sure to let me know, and I’ll do my best. Just send an email to firstname.lastname@example.org.