What is a ransomware attack? Ransomware has grown to be one of the biggest problems on the web. Victims can often only regain access to their encrypted files and PCs by paying a ransom to the criminals behind the ransomware. A ransomware infection often starts with someone clicking on what looks like an innocent attachment, and it can be a headache for companies of all sizes if vital files and documents (think spreadsheets and invoices) are suddenly encrypted and inaccessible. But that's not the only way to get infected. Cybercriminals didn't used to be so obvious. If hackers infiltrated your corporate network, they would do everything possible to avoid detection. It was in their best interests not to alert a victim that they'd fallen victim to a cybercriminal. But now, if you are attacked with file-encrypting ransomware, criminals will brazenly announce they're holding your corporate data hostage until you pay a ransom in order to get it back. It might sound too simple, but it's working: cybercriminals pocketed over $1bn from ransomware attacks during 2016 alone and a Europol report describes it as having "eclipsed" most other global cybercriminal threats in 2017.
The average ransom demand by hacker to release files encrypted by their ransomware attack has almost doubled in 2019. Figures drawn from cases handled by cyber security company Coveware show that the average ransom organisations paid per incident during the first quarter of this year stands at $12,762, compared to $6,733 in the final quarter of 2018. The sharp increase in ransom payments is linked to the emergence of more expensive and more hands-on forms of ransomware like Ryuk, Bitpaymer and Dharma. While ransomware attacks of the past generally relied on spamming out large numbers of phishing emails in the hope of getting a few hits, now cyber criminal groups are taking a more focused approach with attacks. They'll exploit vulnerabilities in remote desktop protocols or abuse stolen credentials to gain access to systems, moving around networks and laying the groundwork for their ransomware to encrypt as many PCs as possible for the maximum impact.