what is ransomware

Ransomware is a type of malware that encrypts a user or organizations critical data, making it inaccessible to them. The attackers then demand a ransom payment in exchange for providing access to the data. Ransomware attacks are typically carried out using a Trojan, which enters a system through a malicious attachment, embedded link in a phishing email, or a vulnerability in a network service. Once the program runs a payload, it locks the system in some fashion or claims to lock the system but does not. Ransomware can spread across a network and target database and file servers, quickly paralyzing an entire organization. Ransomware-as-a-service is a cybercrime economic model that allows malware developers to earn money for their creations without the need to distribute their threats. Non-technical criminals buy their wares and launch the infections, while paying the developers a percentage of their take. To minimize the risk of a ransomware attack, users should rely on high-quality ransomware protection software, maintain offline, encrypted backups of data, and regularly test backups. Victims of ransomware should report to federal law enforcement via IC3 or a Secret Service Field Office and can request technical assistance or provide information to help others by contacting CISA.