Ransomware is a cybersecurity threat that scammers use to infect computer files until a ransom is paid. After the initial infection, ransomware will try and spread to connected systems, including storage devices and other accessible computers.

If the demands are not met, the files or encrypted data will usually remain encrypted and unavailable to the victim. Even after a ransom is paid, some threat actors will demand additional payments or refuse to release the data. The federal government does not support paying ransomware demands.

Ransomware is commonly delivered through phishing emails or via “drive-by downloads.” Phishing emails often appear as though they have been sent from a legitimate organization or someone known to the victim and entice the user to click on a malicious link or open a malicious attachment. A “drive-by download” is a program that is automatically downloaded from the internet without the user’s consent or often without their knowledge. It is possible the malicious code may run after download, without user interaction. After the malicious code has been run, the computer becomes infected with ransomware.

The first step to protecting data and networks is to backup computer systems frequently and verify backups regularly. Backups should be stored on a separate device that cannot be accessed from a network, such as an external hard drive.

Organizations should ensure that they provide cybersecurity awareness training to their personnel. Ideally, organizations will have regular, mandatory cybersecurity awareness training sessions to ensure their personnel are informed about current cybersecurity threats and threat actor techniques. To improve workforce awareness, organizations can test their personnel with phishing assessments that simulate real-world phishing emails.

Cyber threats can also be minimized by staying on top of operating system updates and security patches from software providers, verifying email addresses, being cautious opening email attachments and being familiar with potential new threats.

SOURCE: Cybersecurity and Infrastructure Security Agency