What Is Ransomware? This Information Security Menace Explained

illustration of a ransomware hacker in a dark hoodie with a laptop with icons representing what is ransomware

We live in the age of information, and information is power. While the latter adage has been a part of our vernacular for quite a while, it takes on new meaning today. Cyberattacks are now so common that news of them is hard to avoid. The COVID-19 pandemic and its related surge of online activity has created an even larger field of targets for virtual criminals.

“These types of attacks are increasing daily,” says Sarah McAvoy, managing director of Cyber Unlocked. “Given that we all use multiple devices every day, everyone should have basic cybersecurity training these days.”

Now is as good of a time as any to dig a little deeper into how these attacks function. In this article, we’ll explain what ransomware is, how it works and what people can do to avoid falling victim to ransomware attacks.

What is ransomware?

Ransomware is a type of cyberattack that often launches on an enterprises’ computer network, according to McAvoy. “In such an attack, a cybercriminal hacks into a network and encrypts all of the files and data in the network.” This way, no one else can access the data until a ransom is paid. If the victim does not pay the ransom, the attacker threatens to keep them locked out, destroy the data or release the information to the public.

It is important to note that paying a ransom does not guarantee that cybercriminals will give back the stolen data. The FBI advises any individual or company under the threat of ransomware to not pay the ransom but rather report the attack to the Internet Crime Complaint Center.

Who is at risk for a ransomware attack?

The simple answer is this: pretty much everyone. Any computer user is vulnerable and needs to understand ransomware attacks, according to Hector Ruiz, president and cybersecurity consultant of Corporate Shields. “Ransomware attacks are the most prominent and successful types of attacks due to their design,” Ruiz says. “Attackers are finding new and better ways to introduce these attacks into systems.”

Since individuals still stand to lose if they get locked out of their devices or if their photos and files are stolen, they remain vulnerable to attack. That said, businesses and organizations are often higher-value targets for criminals as they have more resources—and often more to lose—which may increase chances of a payout.

“In my opinion, the average person, and especially businesses, should be aware of ransomware and the damage due to loss of data as well as loss of revenue while recovering from an attack,” says Andrew Pantaleon, senior systems administrator at Forthright Technology Partners. Ransomware can cause expensive damage to a company in many different ways, making it foolish to ignore.

What types of ransomware are there?

“In the most general terms, there are two kinds of ransomware attacks: targeted and nontargeted,” says Pantaleon. In both cases, the end goal is locking files and extorting payment—but the steps leading up to ransomware deployment will be very different.

A targeted attack is more of a precision operation, like surgery, according to Pantaleon. “Targeted attacks involve an attacker actively looking for targets to launch ransomware on and will be much more sophisticated in how the attack is run.” In these cases, attackers may have access to a company network for weeks before they launch the attack. They learn about the systems, eliminate security measures and backups, and generally do all they can to make paying a ransom the only way out.

“The attackers will target things like financial data, personnel data—including social security numbers of employees—as well as possible trade secrets of a company,” Pantaleon explains. “They will leverage this stolen data, along with the ransomware, to further try to coerce companies into paying using the threat of leaking or selling this data on the dark web.”

Nontargeted attacks are more about casting a wide net and hoping to catch a target. Pantaleon says attackers can attempt this in many different ways, but phishing emails and fake advertisements are most effective. “An attacker will send thousands of generic emails to random people hoping that a handful of users will click a link or download an attached file that is malicious and will start the ransomware attack.”

Attackers use phishing emails with messages like “You just won $1000! Click here to claim your prize!” or more official-sounding things pretending to be your bank, your boss or the IRS to try and trick users, according to Pantaleon.

As for the actual software itself, ransomware can come in many forms. Some of the most common types of ransomware include:

Crypto-Ransomware

“In this type of attack, the cybercriminal encrypts all the files and data on a computer or network. The files and data can only be recovered by a decryption key that is provided on paying a ransom,” McAvoy says.

Scareware

Attackers use social engineering to trick a user into thinking their computer is infected with a virus, then they suggest downloading and paying for a software that will “remove the virus,” according to McAvoy. “In reality, the removal software encrypts the user's computer.”

Locker-Ransomware

Rather than simply encrypting valuable files, locker-ransomware locks users out of their devices altogether. A user will be unable to access anything on locked-out devices until the criminal allows them to.

Leakware

As the name implies, this method is all about leaking potentially sensitive personal information into the public domain unless the ransom is paid. Leakware attackers increasingly target organizations with very private information, such as hospital/healthcare networks and law firms.

Ransomware as a Service (RaaS)

Ransomware as a service is a type of targeted attack where ransomware companies/groups support hackers with tools, infrastructure and more to make the ransomware process easier. Talented hackers can then breach a target, deploy the outsourced ransomware and split the profits with their RaaS backer.

These attacks can be very sophisticated and even occur on geopolitical levels, with terrorists and nation-state actors targeting national repositories of information or critical systems.

How to protect yourself from ransomware

One way to protect yourself from ransomware is to understand the threat it poses. Just by reading this article, you’ve come closer to defending yourself against a ransomware attack! Beyond that, the best protection is prevention, according to Casey Crane, cybersecurity expert and researcher at TheSSLStore.com. Crane recommends the following steps to make yourself (or your business) as safe as possible:

1. Use network security measures

While this may not be a massive revelation, email filters, firewalls and antivirus software should be the starting point for everyone.

2. Keep software updated

Constant update notifications on our devices are no one’s favorite thing, but they are a key to making sure that your device is ready for any new attacks and won’t fall prey to pre-discovered security flaws.

3. Educate yourself

Teach yourself about the types of phishing attacks ransomware attackers might use. Keeping an eye on how they are evolving is the most effective way to limit your exposure.

4. Implement multifactor authentication

On the business side, there’s no reason to leave important information accessible to anyone in your company who doesn’t need it. Individuals can enable two-factor identification and similar processes to make things harder for attackers.

Level up your cybersecurity game

If the above steps are already in your review mirror, you might be interested in the field of cybersecurity. Cybersecurity and IT professionals combat ransomware by both prevention and mitigation (in case an attack breaks through), according to Pantaleon. Prevention means antivirus software, user training and strengthening access to systems. Mitigation involves backups secured away from the main system with as much vigorous monitoring and security as your primary system.

If that sounds interesting to you, consider this field as a potential career option. The world will certainly need more cybersecurity professionals. “Nowadays, it’s not a matter of if you’re going to sustain an attack—it’s a matter of when it will occur,” Crane says.

But the rising demand is only the beginning. Check out “Is a Cyber Security Degree Worth It? Analyzing the Facts” for a breakdown on what a degree in this field can offer.

About the author

Brianna Flavin

Brianna is a senior content manager who writes student-focused articles for Rasmussen University. She holds an MFA in poetry and worked as an English Professor before diving into the world of online content. 

Related Content

Related Content

This piece of ad content was created by Rasmussen University to support its educational programs. Rasmussen University may not prepare students for all positions featured within this content. Please visit www.rasmussen.edu/degrees for a list of programs offered. External links provided on rasmussen.edu are for reference only. Rasmussen University does not guarantee, approve, control, or specifically endorse the information or products available on websites linked to, and is not endorsed by website owners, authors and/or organizations referenced. Rasmussen University is accredited by the Higher Learning Commission, an institutional accreditation agency recognized by the U.S. Department of Education.

logo-accreditation-acen logo-accreditation-ccne chart-credential-laddering-associates-bachelors-masters 0 Credits 90 Credits 180 Credits 48 Credits Start Here HIGH SCHOOL GRADS Start Here TRANSFER STUDENTS Start Here SECOND DEGREE PURSUERS End Here ASSOCIATE'S DEGREE Start Here MASTER'S DEGREE PURSUERS End Here BACHELOR'S DEGREE End Here MASTER'S DEGREE chart-credential-laddering-associates-bachelors 0 Credits Start Here HIGH SCHOOL GRADS Start Here TRANSFER STUDENTS 90 Credits Start Here SECOND DEGREE PURSUERS End Here ASSOCIATE'S DEGREE 180 Credits End Here BACHELOR'S DEGREE chart-credential-laddering-msn chart-credential-laddering-nursing-programs chart-credential-laddering-nursing DNP MSN RN to BSN LPN to RN Bridge Accelerated BSN Professional Nursing ADN Practical Nursing Diploma Pre-Licensure Post-Licensure icon-colored-outline-bank icon-colored-outline-certificate icon-colored-outline-circle-dollar-sign icon-colored-outline-folder-search icon-colored-outline-hand-heart icon-colored-outline-head-blocks icon-colored-outline-head-cog icon-colored-outline-head-heart icon-colored-outline-health-plus-leaves icon-colored-outline-hospital icon-colored-outline-lifelong-learning icon-colored-outline-light-bulb-analytics icon-colored-outline-location-pin icon-colored-outline-magnifying-glass icon-colored-outline-monitor-healthcare icon-colored-outline-monitor-paper-search icon-colored-outline-nurse-rays icon-colored-outline-padlock-shield icon-colored-outline-person-presenter-screen icon-colored-outline-scales ras-logo-flame ras-logo-horizontal ras-logo-stacked icon-colored-advance icon-colored-arrows-cross-curve icon-colored-briefcase-star icon-colored-build icon-colored-bulb-analytics icon-colored-certificate icon-colored-continual-development icon-colored-duo-chatbox icon-colored-folder-mortarboard icon-colored-forward-ribbon icon-colored-gears-clock icon-colored-globe-pen icon-colored-growth icon-colored-hand-bubble icon-colored-hand-stars icon-colored-hands-gear icon-colored-head-blocks icon-colored-head-cog icon-colored-health-plus-leaves icon-colored-hospital-building icon-colored-laptop-cbe-skyscraper icon-colored-laptop-checkmark icon-colored-laptop-webpage icon-colored-location-map icon-colored-location-pin icon-colored-monitor-paper-scan icon-colored-mortarboard-dollar icon-colored-national icon-colored-people-chat-bubbles icon-colored-person-cheer-star icon-colored-person-laptop-checkboxes icon-colored-person-screen-instructor icon-colored-person-whiteboard icon-colored-phone-chatbox icon-colored-police-light icon-colored-prep icon-colored-presenter icon-colored-regional icon-colored-save-time icon-colored-shirt-hat icon-colored-skyscraper icon-colored-state icon-colored-student-centered icon-colored-support icon-colored-world-experience icon-triangle-arrow-up-plant icon-triangle-calendar-pencil icon-triangle-clock-rotating-arrows icon-triangle-display-gears icon-triangle-hand-right-speech-bubble icon-triangle-laptop-coding-brackets icon-triangle-mortarboard icon-triangle-paper-ribbon icon-triangle-person-cheer-star icon-triangle-person-juggle icon-triangle-triple-people-chat-bubble icon-modality-campus icon-modality-field icon-modality-online icon-modality-residential icon-arrow icon-bank icon-camera icon-filter icon-general-chart icon-general-connect icon-general-degree icon-general-discuss icon-general-email icon-general-find icon-general-hat icon-general-heart icon-general-laptop-building icon-general-laptop icon-general-leader icon-general-map icon-general-money icon-general-paperwork icon-general-people icon-general-phone icon-general-speak-out icon-head-heart icon-info-circle icon-mail-forward icon-mglass icon-play-solid icon-quote-mark-left icon-quote-mark-right icon-scales icon-share-square-o icon-simple-chat icon-simple-desktop icon-simple-find icon-simple-hamburger icon-simple-phone icon-spinner icon-tag icon-testimonial-quotes icon-util-checkbox-white icon-util-checkbox icon-util-checked-white icon-util-checked icon-util-chevron-down icon-util-chevron-left icon-util-chevron-right icon-util-chevron-up icon-util-circle-arrow-down icon-util-circle-dot icon-util-language-switch icon-util-loading icon-util-open-window-link icon-util-pdf-link icon-util-refresh icon-util-x rebrand-arrows icon-social-facebook-colored icon-social-facebook-square-colored icon-social-facebook-square icon-social-facebook icon-social-google-plus-square icon-social-google-plus icon-social-instagram-colored icon-social-instagram icon-social-linkedin-square-colored icon-social-linkedin-square icon-social-linkedin icon-social-pinterest-p-colored icon-social-pinterest-p icon-social-twitter-colored icon-social-twitter-square icon-social-twitter icon-social-youtube-play-colored icon-social-youtube-play graduate-cap-star-coin hand-coin hand-heart nurse-stethoscope-rays card-send-smile person-yoga-pose suitcase-star