The Oxford dictionary defines ransomware as "a type of malicious software designed to block access to a computer system until a sum of money is paid." It usually involves locking or encrypting the user's system and/or files, and demanding a ransom before a decryption key is released to the victim.
Ransomware operators often place a deadline on their demands; victims who cannot meet the deadline risk never regaining access to their systems or files, or seeing the ransom increased. Victims of ransomware range from private individuals to organizations and businesses.
Examples of well-known ransomware strains and groups include Conti, CryptoLocker, LockBit, NotPetya, WannaCry, REvil, Bad Rabbit, Ryuk, etc. The number of ransomware variants continues to grow as operators frequently modify their code into new variants to avoid being easily detected.
One of the most recent is the REvil attack on Kaseya, an IT company, in July 2021. The same hacker group had previously attacked Acer in May and Quanta in April. In the Kaseya incident, the group circulated a fake software update through the victim's Virtual System Administrator (VSA) product, which gave access to the company's direct clients and customers.
The attack held one million systems to ransom with a demand of $70 million in bitcoin. However, the FBI would subsequently resolve the hack and help obtain the encryption keys without any ransom being paid.
The primary reasons organizations fall victim to ransomware are a poor cybersecurity posture and slow remediation of vulnerabilities that threat actors have already found, especially when access has previously been gained.
How to Protect Your Organization from a Ransomware Attack
Organizations should have safety measures in place that protect against ransomware attacks. Perhaps the most important security measure is to ensure that you have up-to-date backups of your critical systems to allow for system restore in the event of a ransomware attack. Your systems also need to be updated often, with appropriate security tools set up and anti-malware installed to detect and stop ransomware.
Usually, ransomware displays a message on the user's screen with instructions for payment and information on what has happened to the user's files. When this happens, administrators should react quickly. It is essential to seek an expert's intervention to discover the root cause and carry out a thorough cleanup.
Other protective measures that can be employed include:
- Securing email gateways to quickly detect and block malicious emails that deliver ransomware.
- Securing web gateways to detect malicious web ads that lead to ransomware before they can do harm.
- Using mobile threat protection products on mobile devices.
- Putting monitoring tools in place for servers, networks, and vital backup systems to enable early detection of unusual files and ransomware activity, so that it can be blocked before it executes.
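The last point, early detection of unusual files, can be illustrated with a small heuristic detector. This is an added example, not code from the original article or any product it mentions: it consumes constructed file-write events of the kind a monitoring agent might emit (timestamp, process, path, first bytes written) and alerts when one process produces a burst of high-entropy writes to files with unfamiliar extensions, the typical footprint of files being encrypted in place. The event format, thresholds and extension list are assumptions for the example.

```python
import math
from collections import defaultdict

WINDOW_SECONDS = 10.0      # look-back window per process (assumed tuning value)
BURST_THRESHOLD = 3        # suspicious writes inside the window before alerting
ENTROPY_THRESHOLD = 7.0    # bits/byte; encrypted or compressed data sits near 8.0
KNOWN_EXTENSIONS = {"docx", "xlsx", "pdf", "jpg", "txt", "zip"}  # assumed allowlist

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of `data` in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def is_suspicious_write(path: str, header: bytes) -> bool:
    """A write looks like ransomware output when the file carries an extension
    not on the allowlist AND the bytes written are near-random (high entropy)."""
    ext = path.rsplit(".", 1)[-1].lower() if "." in path else ""
    return ext not in KNOWN_EXTENSIONS and shannon_entropy(header) > ENTROPY_THRESHOLD

def detect_bursts(events):
    """Return {process: time_of_first_alert} for every process that makes
    BURST_THRESHOLD suspicious writes within WINDOW_SECONDS."""
    recent = defaultdict(list)   # process -> timestamps of recent suspicious writes
    alerts = {}
    for ts, proc, path, header in sorted(events, key=lambda e: e[0]):
        if proc in alerts or not is_suspicious_write(path, header):
            continue
        window = [t for t in recent[proc] if ts - t <= WINDOW_SECONDS] + [ts]
        recent[proc] = window
        if len(window) >= BURST_THRESHOLD:
            alerts[proc] = ts
    return alerts

# Constructed sample events: benign document edits, a legitimate archive,
# one isolated backup write, and a process renaming files to ".locked" in bulk.
HIGH = bytes(range(256))                              # entropy 8.0 bits/byte
LOW = b"Quarterly figures, see attached.\n" * 8       # plain text, low entropy
SAMPLE_EVENTS = [
    (0.0, "winword.exe", "C:/Users/amy/report.docx", LOW),
    (2.0, "winword.exe", "C:/Users/amy/notes.txt", LOW),
    (5.0, "7z.exe", "C:/Users/amy/archive.zip", HIGH),          # known extension
    (6.0, "updater.exe", "C:/Users/amy/report.docx.locked", HIGH),
    (6.5, "updater.exe", "C:/Users/amy/notes.txt.locked", HIGH),
    (7.0, "updater.exe", "C:/Users/amy/photo.jpg.locked", HIGH),  # third hit: alert
    (30.0, "backup.exe", "D:/bak/2021-07.bak", HIGH),            # single hit, no alert
]

if __name__ == "__main__":
    print(detect_bursts(SAMPLE_EVENTS))
```

In a real deployment the events would come from a file-system audit source and the alert would feed a response action such as isolating the host; the point here is that the combination of extension change, entropy and rate separates bulk encryption from ordinary document editing and archiving.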