Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data after payment. Users are shown instructions on how to pay a fee to get the decryption key. Costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin.
* we recommend sending files in zip or rar format
There are several vectors that ransomware can use to gain access to a computer. One of the most common delivery systems is phishing spam – attachments that arrive at the victim in an email, disguised as files they should trust. Once downloaded and opened, they can take control of the victim’s computer, especially if they have built-in social engineering tools that trick users into granting administrative access. Some other more aggressive forms of ransomware, such as NotPetya, exploit security holes to infect computers without having to fool users.
There are several ways in which attackers choose the organizations to target with ransomware. Sometimes it’s a matter of opportunity – for example, attackers might target universities because they tend to have smaller security teams and a disparate user base that does a lot of file sharing, making it easier to penetrate their defenses.
On the other hand, some organizations are tempting targets because they seem more likely to pay a ransom quickly. For example, government agencies or medical facilities often need immediate access to their files. Law firms and other organizations with sensitive data may be willing to pay to keep news of a compromise silent, and these organizations may be particularly sensitive to leakware attacks.