{"id":29517,"date":"2023-04-06T14:30:42","date_gmt":"2023-04-06T14:30:42","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=29517"},"modified":"2023-07-26T19:15:26","modified_gmt":"2023-07-26T19:15:26","slug":"ransomware","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/","title":{"rendered":"What is Ransomware? Everything You Should Know"},"content":{"rendered":"\n<p>Ransomware is a type of malicious program, or malware, that encrypts files, documents and images on a computer or server so that users cannot access the data.<\/p>\n\n\n\n<p>Ransomware is the most feared <a href=\"https:\/\/www.esecurityplanet.com\/networks\/network-security-threats\/\">cybersecurity threat<\/a> and with good reason: Its ability to cripple organizations by locking their data is a threat like no other.<\/p>\n\n\n\n<p>Knowing what ransomware is and how it works is essential for protecting against and responding to such attacks. We&#8217;ll delve into what you need to know so you can begin to protect yourself against ransomware attacks.<\/p>\n\n\n\n<p>For readers coming to this article in a ransomware emergency, see <a href=\"https:\/\/www.esecurityplanet.com\/threats\/how-to-recover-from-a-ransomware-attack\/\"><strong>How to Recover From a Ransomware Attack<\/strong><\/a>.<\/p>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_68_1 ez-toc-wrap-left counter-flat ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<p class=\"ez-toc-title\">Table of Contents<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-66d6db9f19c7e\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"ez-toc-cssicon\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ffffff;color:#ffffff\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ffffff;color:#ffffff\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\"  id=\"ez-toc-cssicon-toggle-item-66d6db9f19c7e\"  aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#How-Does-Ransomware-Work\" title=\"How Does Ransomware Work?\">How Does Ransomware Work?<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#What-Is-a-Double-Extortion-Ransomware-Attack\" title=\"What Is a Double Extortion Ransomware Attack?\">What Is a Double Extortion Ransomware Attack?<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#What-is-Ransomware-as-a-Service\" title=\"What is Ransomware as a Service?\">What is Ransomware as a Service?<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#Notable-Ransomware-Attacks\" title=\"Notable Ransomware Attacks\">Notable Ransomware Attacks<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#8-Major-Ransomware-Groups\" title=\"8 Major Ransomware Groups\">8 Major Ransomware Groups<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#What-Are-the-Odds-of-Getting-Hit-by-Ransomware\" title=\"What Are the Odds of Getting Hit by Ransomware?\">What Are the Odds of Getting Hit by Ransomware?<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#Preventing-Ransomware\" title=\"Preventing Ransomware\">Preventing Ransomware<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#Best-Practices-for-Limiting-Ransomware-Damage\" title=\"Best Practices for Limiting Ransomware Damage\">Best Practices for Limiting Ransomware Damage<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#Ransomware-Response-Best-Practices\" title=\"Ransomware Response Best Practices\">Ransomware Response Best Practices<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#Ransomware-Recovery-Best-Practices\" title=\"Ransomware Recovery Best Practices\">Ransomware Recovery Best Practices<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#Should-I-Pay-the-Ransom\" title=\"Should I Pay the Ransom?\">Should I Pay the Ransom?<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#History-of-Ransomware\" title=\"History of Ransomware\">History of Ransomware<\/a><\/li><li class='ez-toc-page-1'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#Bottom-Line-Getting-On-Top-of-the-Ransomware-Threat\" title=\"Bottom Line: Getting On Top of the Ransomware Threat\">Bottom Line: Getting On Top of the Ransomware Threat<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How-Does-Ransomware-Work\"><\/span>How Does Ransomware Work?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>By encrypting data on devices, a ransomware attack leaves victims with few choices:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>They can try to regain access to the encrypted files, databases and applications by paying a ransom, although encryption keys provided by cyber attackers often don&#8217;t work<\/li>\n\n\n\n<li>They can hope to find a decryption key that does work<\/li>\n\n\n\n<li>Or they can try to restore data from backups and hope that attackers haven&#8217;t also encrypted that data<\/li>\n<\/ul>\n\n\n\n<p>Through the use of asymmetric encryption, cryptographic keys encode and decode data. These keys are available to the attacker, and the encryption can only be decrypted using a private key. The private key is only given to the target once the payment is given. Occasionally cybersecurity officials and researchers obtain the keys or crack the encryption code and make the keys freely available, but ransomware groups will typically respond by quickly changing their encryption approach to render the keys worthless.<\/p>\n\n\n\n<p>There are several methods of delivering ransomware attacks. Whether deployed by ransomware groups or individuals via <a href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware-as-a-service-raas-ttp-protections\/\">ransomware as a service (RaaS)<\/a>, the most common method of ransomware deployment is a <a href=\"https:\/\/www.esecurityplanet.com\/threats\/phishing-attacks\/\">phishing email<\/a>. The victim is sent an email with an attachment, and once they click on the link, the malware file downloads. The malware establishes itself on the endpoint and implements an infected binary on the system, encrypting everything from valuable database files to images and office documents. It may also replicate across networks and systems to infect other machines. You can often only retrieve your data by paying ransom to the attacker.<\/p>\n\n\n\n<p>The malware can also spread via chat messages, USB drives, or browser plugins too.<\/p>\n\n\n\n<p><strong>Also read:<\/strong> <a href=\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/\">How to Decrypt Ransomware Files \u2013 And What to Do When That Fails<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What-Is-a-Double-Extortion-Ransomware-Attack\"><\/span>What Is a Double Extortion Ransomware Attack?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Double extortion ransomware is an attack where the hackers exfiltrate the victim\u2019s sensitive information and threaten to release it, gaining added leverage to force a victim to pay the ransom. While a typical ransomware attack just encrypts the data, exfiltration raises the risk by threatening to make sensitive data public.<\/p>\n\n\n\n<p>During a double extortion attack, a ransomware operator acquires control of the <a href=\"https:\/\/www.esecurityplanet.com\/networks\/network-security\/\">victim network<\/a> through established threat vectors, then locates high-value assets, encrypts the data and exfiltrates it. If the victim doesn\u2019t pay the ransom, the attackers resort to blackmail, threatening to publish the sensitive information online.<\/p>\n\n\n\n<p>More recently, some threat groups have begun to <a href=\"https:\/\/www.esecurityplanet.com\/threats\/data-exfiltration-blackbyte-exbyte-hive-group\/\">add data destruction<\/a> to their arsenal to raise the stakes even further, and <a href=\"https:\/\/www.esecurityplanet.com\/networks\/ddos\/\">DDoS attacks<\/a> have also been threatened as a means of getting organizations to pay ransoms.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What-is-Ransomware-as-a-Service\"><\/span>What is Ransomware as a Service?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Ransomware as a Service (RaaS) allows less technically capable hackers to launch ransomware attacks by paying to use a threat group&#8217;s ransomware. This arrangement lowers the bar for threat actors wishing to enter the ransomware space and allows ransomware groups to increase their income by renting out the ransomware they&#8217;ve developed without having to launch the attack themselves.<\/p>\n\n\n\n<p>Even non-technical hackers can purchase the malware and infect systems and networks and pay the developer a portion of the ransom they collect.<\/p>\n\n\n\n<p>The developer has fewer risks, and the buyer does all of the work. Some examples of RaaS use subscriptions, while some need registration to acquire access. But regardless of how it&#8217;s done, RaaS has dramatically expanded the ransomware threat.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Notable-Ransomware-Attacks\"><\/span>Notable Ransomware Attacks<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p><a href=\"https:\/\/www.esecurityplanet.com\/threats\/cryptolocker-spawns-endless-awful-variants\/\">CryptoLocker<\/a> ushered in the modern ransomware age in 2013, and in 2017, the devastating <a href=\"https:\/\/www.esecurityplanet.com\/threats\/report-finds-nhs-wannacry-attacks-were-easily-avoidable\/\">WannaCry<\/a> and <a href=\"https:\/\/www.esecurityplanet.com\/networks\/notpetya-cyber-attacks-point-to-a-need-for-comprehensive-risk-management\/\">NotPetya<\/a> ransomware attacks raised the threat&#8217;s profile significantly.&nbsp;&nbsp;<\/p>\n\n\n\n<p>One attack in particular thrust ransomware into the spotlight as never before, the May 2021 <a href=\"https:\/\/www.esecurityplanet.com\/trends\/colonial-pipeline-ransomware-attack\/\">Colonial Pipeline&nbsp;attack<\/a>. The pipeline carried around 45% of the U.S. East Coast gasoline supply and nearly shut down the southeastern U.S. before it was resolved. The DarkSide ransomware group also took 100GB of data, forcing the company to pay $5 million in bitcoin to reacquire access and control to the services.<\/p>\n\n\n\n<p>Ransomware attacks followed on Ireland\u2019s Health Service Executive System and meat processing giant JBS Foods, and then in July 2021, IT service management company Kaseya had a number of its downstream customers targeted by ransomware in a <a href=\"https:\/\/www.esecurityplanet.com\/threats\/kaseya-breach-underscores-vulnerability-of-it-management-tools\/\">software supply chain attack<\/a>. The culprit in both the JBS and Kaseya attacks was the REvil ransomware gang.<\/p>\n\n\n\n<p>In late 2022, <a href=\"https:\/\/www.esecurityplanet.com\/threats\/rackspace-breach-linked-to-new-vulnerability\/\">Rackspace became a ransomware victim<\/a> in one of the biggest cyberattacks ever suffered by a major cloud services vendor.<\/p>\n\n\n\n<p>Ransomware attacks doubled in 2021 and now number roughly 500 million a year, according to <a href=\"https:\/\/www.sonicwall.com\/news\/2023-sonicwall-cyber-threat-report-casts-new-light-on-shifting-front-lines-threat-actor-behavior\/\" target=\"_blank\" rel=\"noreferrer noopener\">SonicWall<\/a>. About the only good news is attacks declined 21% last year as fewer victims paid the ransom demands.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"8-Major-Ransomware-Groups\"><\/span>8 Major Ransomware Groups<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The most active ransomware gangs shift as groups go into hiatus and change structure, but here are some of the most active ransomware groups today.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">LockBit<\/h3>\n\n\n\n<p>This RaaS group has been the most active ransomware group over the last year. LockBit uses a double extortion method and was responsible for&nbsp;roughly 40% of ransomware attacks&nbsp;in the first few months of 2022. Some companies it has attacked are Bridgestone America and French Thales Group.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Clop<\/h3>\n\n\n\n<p>Identified in 2019, the Clop ransomware group has become one of the most prolific threat actors in recent years, with a number of high-profile attacks exploiting vulnerabilities and using double extortion techniques &#8211; including the very successful <a href=\"https:\/\/www.esecurityplanet.com\/threats\/clop-moveit-vulnerability\/\">MOVEit attacks<\/a> of 2023.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Hive<\/h3>\n\n\n\n<p>Hive attacked the Costa Rica Social Security Fund, Missouri Delta Medical Center, and Memorial Health System in Ohio. Hive functions as RaaS and uses the double extortion method.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">AlphV (Black Cat)<\/h3>\n\n\n\n<p>AlphV works as RaaS and uses a double extortion approach. It is the first gang that used the RUST programming language. It has attacked several elite companies such as Swissport airline, Moncler, and Austrian Federal State Carinthia.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Lapsus$<\/h3>\n\n\n\n<p>This hacking group is famous for using an extortion and destruction approach without organizing ransomware payloads. Lapsus$ recently hacked software company Globant, whose primary clientele includes Google and Disney. Lapsus$ was responsible for a destructive run of cyber attacks in early 2022, hitting some <a href=\"https:\/\/www.esecurityplanet.com\/threats\/lapsus-microsoft-okta-nvidia-samsung\/\">high-profile tech companies<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Conti<\/h3>\n\n\n\n<p>Around&nbsp;<a href=\"https:\/\/www.digitalshadows.com\/blog-and-research\/q1-2022-ransomware-roundup\/\" target=\"_blank\" rel=\"noreferrer noopener\">20% of attacks<\/a>&nbsp;in early 2022 were from Conti, the group behind the 2021 Irish health services attack. Conti uses a double extortion method and a multithreading system. The group was involved in some high-profile ransomware attacks, including JVCKenwood and the City of Tulsa.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Black Basta<\/h3>\n\n\n\n<p>Formed by former members of Conti and REvil, Black Basta&#8217;s victims have included the American Dental Association and AGCO. Black Basta uses a double-extortion RaaS model with the added threat of DDoS attacks.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">REvil<\/h3>\n\n\n\n<p>And never count out REvil, which has gone in and out of business <a href=\"https:\/\/www.esecurityplanet.com\/threats\/revil-ransomware-group-returns\/\">a number of times<\/a>, <a href=\"https:\/\/www.secureworks.com\/blog\/revil-development-adds-confidence-about-gold-southfield-reemergence\" target=\"_blank\" rel=\"noreferrer noopener\">resurfacing again<\/a> in May 2022.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What-Are-the-Odds-of-Getting-Hit-by-Ransomware\"><\/span>What Are the Odds of Getting Hit by Ransomware?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The short answer is that the odds of an organization getting hit by ransomware are pretty high. About two-thirds of organizations have been hit by ransomware in each of the last three years, according to Proofpoint.<\/p>\n\n\n\n<p>There are, however, <a href=\"https:\/\/www.esecurityplanet.com\/threats\/what-ransomware-attackers-look-for\/\">some industries at higher risk<\/a> than others. Financial firms are a favorite target, not surprisingly. Education, government, energy and manufacturing are others.<\/p>\n\n\n\n<p>Cyber criminals have learned that it is not only businesses that make soft targets for the attacks. Hospitals and healthcare organizations are being infected by ransomware, <a href=\"https:\/\/www.esecurityplanet.com\/trends\/healthcare-cyberattacks-increase-mortality\/\">with predictably dire results<\/a>.<\/p>\n\n\n\n<p>Hospitals cannot afford to compromise patient information and thus are viewed as more likely to pay the ransom. Similarly, the education sector has also become a soft target for ransomware. Even small and midsize businesses (SMBs) have become targets because of their lack of cybersecurity measures.<\/p>\n\n\n\n<p>Here are some factors attackers look for when assessing potential ransomware targets:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Valuable data:<\/strong> The first thing a ransomware attacker considers is the significance of a company\u2019s data. If they can encrypt essential or sensitive data, the company will likely pay a higher ransom.<\/li>\n\n\n\n<li><strong>Lack of efficient cybersecurity infrastructure:<\/strong> Ransomware will target companies with limited cybersecurity measures. SMBs are more likely to fall into this trap, as large corporations have extensive security. Companies new to cybersecurity may fall victim to RaaS and don&#8217;t have sufficient infrastructure to deal with them.<\/li>\n\n\n\n<li><strong>Money:<\/strong> An attacker looks for wealthier companies that can pay a substantial ransom.<\/li>\n\n\n\n<li><strong>High damage potential:<\/strong> Apart from financial motivation, hackers aim to cause as much damage as possible, typically in state-sponsored threats. Supply chain companies are primarily at risk. If you offer IT services to many companies, you could be a soft target for them, as a single ransomware attack can lead to widespread damage.<\/li>\n<\/ul>\n\n\n\n<p>These are some points cyber criminals look at when planning ransomware attacks. To keep from becoming a ransomware victim, there are steps you need to take.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Preventing-Ransomware\"><\/span>Preventing Ransomware<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Companies can prevent ransomware attacks, or at least limit their damage through security and IT best processes.<\/p>\n\n\n\n<p>Cybersecurity best practices can also stop and prevent ransomware attacks:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Endpoint security:<\/strong> <a href=\"https:\/\/www.esecurityplanet.com\/products\/antivirus-software\/\">Antivirus<\/a> and <a href=\"https:\/\/www.esecurityplanet.com\/products\/edr-solutions\/\">EDR<\/a> tools offer good protection against malware in general and are a cornerstone cybersecurity technology. Tools like <a href=\"https:\/\/www.esecurityplanet.com\/products\/network-access-control-solutions\/\">network access control (NAC)<\/a> can also keep insecure devices from connecting to your network.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/applications\/mfa-advantages-and-weaknesses\/\"><strong>Multifactor authentication<\/strong><\/a><strong> (MFA)<\/strong> can protect critical applications and devices, as can <a href=\"https:\/\/www.esecurityplanet.com\/products\/zero-trust-security-solutions\/\">zero trust<\/a> security principles.&nbsp;<\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/products\/best-secure-email-gateways\/\"><strong>Email<\/strong><\/a><strong> and <\/strong><a href=\"https:\/\/www.esecurityplanet.com\/products\/secure-web-gateway-vendors\/\"><strong>web gateways<\/strong><\/a> can help protect an organization when employees click on malicious links and downloads, but strong <a href=\"https:\/\/www.esecurityplanet.com\/products\/cybersecurity-training\/\">end user training<\/a> could potentially keep them from clicking on those things in the first place. For email security, use an efficient spam filter with cloud-based intelligence to prevent such attacks by implementing tools like SPF (Sender Policy Framework) email security, <a href=\"https:\/\/www.esecurityplanet.com\/compliance\/getting-dmarc-right\/\">DMARC<\/a> (Domain-based Message Authentication, Reporting, and Conformance), and DKIM (DomainKeys Identified Mail).<\/li>\n\n\n\n<li><strong>Manage desktop extensions:<\/strong> Change Windows from default to showcase extensions. Train employees on .exe and other malicious file types that should never be downloaded.<\/li>\n\n\n\n<li><strong>Patching and maintenance:<\/strong> Attackers are looking to take advantage of vulnerabilities in all possible ways. Make sure your IT team promptly <a href=\"https:\/\/www.esecurityplanet.com\/products\/patch-management-service-providers\/\">patches<\/a> hardware and software vulnerabilities and executes <a href=\"https:\/\/www.esecurityplanet.com\/applications\/virtual-patching\/\">mitigation measures<\/a> to secure your software and devices.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/vulnerability-scanning-tools\/\"><strong>Scanning for vulnerabilities<\/strong><\/a> is another best practice for limiting your attack surface.<\/li>\n<\/ul>\n\n\n\n<p><strong>Further reading: <\/strong><a href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware-protection\/\"><strong>Ransomware Protection: How to Prevent Ransomware Attacks<\/strong><\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Best-Practices-for-Limiting-Ransomware-Damage\"><\/span>Best Practices for Limiting Ransomware Damage<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Some best practices to limit the damage of a ransomware attack and speed recovery include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Data encryption:<\/strong> A common tactic most ransomware attacks use is data exfiltration to extort companies by threatening to release their data to the public or their competitors. It can be stopped by <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-encryption-software\/\">encrypting<\/a> the sensitive data of your company so it can&#8217;t be released. But make sure you manage the encryption keys well.<\/li>\n\n\n\n<li><strong>Ransomware-proof backups:<\/strong> You can limit the damage caused by ransomware by maintaining an effective <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-backup-solutions-for-ransomware-protection\/\">backup<\/a> and <a href=\"https:\/\/www.esecurityplanet.com\/products\/disaster-recovery-solutions\/\">disaster recovery<\/a> plan. Usually, <a href=\"https:\/\/www.esecurityplanet.com\/threats\/common-types-of-ransomware\/\">ransomware attacks<\/a> damage backups, so you should have at a minimum one backup version offline and out of reach from the network.<\/li>\n<\/ul>\n\n\n\n<p><strong>Also read: <\/strong><a href=\"https:\/\/www.esecurityplanet.com\/networks\/building-a-ransomware-resilient-architecture\/\"><strong>Building a Ransomware Resilient Architecture<\/strong><\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Ransomware-Response-Best-Practices\"><\/span>Ransomware Response Best Practices<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Once a ransomware attack has been recognized, the incident response team will have limited time to limit the attack. A reliable backup is the quickest way to recover from a ransomware attack, but proper response and investigation will help.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Incident response:<\/strong> All organizations need an <a href=\"https:\/\/www.esecurityplanet.com\/networks\/incident-response-how-to-prepare-for-attacks-and-breaches\/\">incident response plan<\/a> and access to <a href=\"https:\/\/www.esecurityplanet.com\/networks\/best-incident-response-tools-services\/\">tools and services<\/a>. The response plan should include plans for prompt action, such as isolating endpoints to prevent ransomware from spreading across the network, and shutting down or disconnecting devices to avoid larger attacks.<\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/products\/digital-forensics-software\/\"><strong>Forensic evaluation<\/strong><\/a><strong>:<\/strong> Any ransomware attack needs proper investigation, including checking the entry point and data exfiltrated and corrupted as well as the damage that occurred, along with an analysis of the ransomware variant to see if there are available decryption keys. After the investigation, the company confirms that the attack has been contained.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Ransomware-Recovery-Best-Practices\"><\/span>Ransomware Recovery Best Practices<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>After containing the ransomware attack, you can initiate the recovery process.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Version restore:<\/strong> Some ransomware threats leave the system store version intact, helping your recovery team to switch to a previous version.<\/li>\n\n\n\n<li><strong>Backup restore:<\/strong> If you have a good data backup, you can choose this route, as it is the quickest to execute.<\/li>\n\n\n\n<li><strong>Decryption trials:<\/strong> Companies with no backup can try to decrypt the data; however, this option doesn\u2019t have a good success rate.<\/li>\n<\/ul>\n\n\n\n<p><strong>Ransomware recovery resources:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.esecurityplanet.com\/threats\/how-to-recover-from-a-ransomware-attack\/\"><strong>How to Recover From a Ransomware Attack<\/strong><\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/products\/best-ransomware-removal-tools\/\"><strong>Best Ransomware Removal Tools<\/strong><\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/products\/ransomware-removal-and-recovery-services\/\"><strong>Best Ransomware Removal and Recovery Services<\/strong><\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/decrypt-ransomware-encrypted-files\/\"><strong>How to Decrypt Ransomware Files \u2013 And What to Do When That Fails<\/strong><\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Should-I-Pay-the-Ransom\"><\/span>Should I Pay the Ransom?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The big question here is whether a company facing disruption and loss from ransomware should pay the ransom or not. In a few situations, it may appear that the only option left to prevent business damage is making the payment.<\/p>\n\n\n\n<p>However, more companies have been refusing to pay ransom demands, in part because decryption keys provided by ransomware groups often don&#8217;t work and data has already been damaged. Security officials typically caution victims not to pay, in part to discourage attackers.<\/p>\n\n\n\n<p>And companies that pay the ransom face <a href=\"https:\/\/blog.barracuda.com\/2023\/03\/28\/repeat-ransomware-attacks\/\" target=\"_blank\" rel=\"noreferrer noopener\">a higher risk of repeat attacks<\/a>, so there&#8217;s not a lot of good reasons to pay.<\/p>\n\n\n\n<p>If you have a <a href=\"https:\/\/www.esecurityplanet.com\/products\/cyber-insurance-companies\/\">cyber insurer<\/a>, they will have their own processes for responding to any cyber attack.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"History-of-Ransomware\"><\/span>History of Ransomware<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>While ransomware has gained notoriety in the last few years, it is not new. The first ransomware attack took place in 1989. Called the AIDS or the PC Cyborg Trojan, hackers sent the virus to people, usually in the healthcare industry, through a floppy disk.<\/p>\n\n\n\n<p>The ransomware assessed the times the PC was booted, and when it hit 90, it encrypted the device and its files, demanding the user to renew their license with PC Cyborg Corporation by sending a sum of $189 or $378 to a P.O. Box in Panama.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Evolution of ransomware<\/h3>\n\n\n\n<p>Early ransomware involved basic cryptography, which only changed the file names, making it simpler to overcome. But with advancement, hackers now use evolved cryptography that doesn\u2019t just change the file&#8217;s name but also its content into gibberish or an encrypted language.<\/p>\n\n\n\n<p>A successful variation was police ransomware, which extorted victims by claiming the PC is encrypted by law enforcement. The screen was locked with a ransom note warning the users they\u2019ll go to jail for committing illegal online activity.<\/p>\n\n\n\n<p>However, if they paid the fine, the note said police would allow the infringement to slide and re-grant them access to the computer by providing the decryption key. The attack had nothing to do with law enforcement, and was just hackers exploiting people.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Bottom-Line-Getting-On-Top-of-the-Ransomware-Threat\"><\/span>Bottom Line: Getting On Top of the Ransomware Threat<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Ransomware is a uniquely malicious cyber threat that&#8217;s worth the investment it takes to stop it. The good news is that any of the steps you can take to reduce the threat of ransomware will help you with security and compliances issues in general.<\/p>\n\n\n\n<p>Two ransomware protections in particular stand out. Encrypting sensitive data is a good way to prevent extortion threats, and ransomware-proof backup isn&#8217;t easy to get right, but nothing will get your business back up and running faster.<\/p>\n\n\n\n<p>Stay on top of evolving cyber threats, of course, but strong ransomware defenses and preparation will give you good protection against a wide range of threats.<\/p>\n\n\n\n<p><strong>Read next: <a href=\"https:\/\/www.esecurityplanet.com\/threats\/how-one-company-survived-ransomware\/\">How One Company Survived a Ransomware Attack Without Paying the Ransom<\/a><\/strong><\/p>\n\n\n<div id=\"ta-campaign-widget-66d6db9f170c8-popup-wrapper\" class=\"ta-campaign-widget__popup-wrapper\">\n    \n<div\n    style=\"\n        --ta-campaign-plugin-primary: #3545ed;\n        --ta-campaign-plugin-button-text: #fff;\n        --ta-campaign-plugin-button-hover-background: #3231b4;\n        --ta-campaign-plugin-button-hover-text: #fff;\n        --ta-campaign-plugin-button-toggle-background: #3231b4;\n        --ta-campaign-plugin-button-toggle-text: #3231B4;\n    \"\n    data-ajax-url=\"https:\/\/www.esecurityplanet.com\/wp\/wp-admin\/admin-ajax.php\">\n    <div\n        id=\"ta-campaign-widget-66d6db9f170c8\"\n        class=\"ta-campaign-widget ta-campaign-widget--popup\"\n        data-campaign-fields='{\"properties\":{\"campaign_type\":\"popup\",\"campaign_category\":false,\"sailthru_list\":[\"cybersecurity-insider\"],\"popup_type\":\"exit_intent\",\"appearance\":{\"colors\":{\"primary_color\":\"#3545ed\",\"button\":{\"button_text_color\":\"#fff\",\"hover\":{\"button_hover_background_color\":\"#3231b4\",\"button_hover_text_color\":\"#fff\"},\"toggle\":{\"button_toggle_background_color\":\"#3231b4\",\"button_toggle_text_color\":\"#3231B4\"}}},\"custom_scss\":\"\"},\"behavior\":{\"opt_in_enabled\":true},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}},\"identifier\":\"66d6db9f170c8\",\"campaign_id\":26045,\"campaign_type\":\"popup\",\"popup_type\":\"exit_intent\",\"newsletters\":[\"cybersecurity-insider\"],\"behavior\":{\"opt_in_enabled\":true},\"appearance\":{\"colors\":{\"primary\":\"#3545ed\",\"button\":{\"text\":\"#fff\",\"hover\":{\"background\":\"#3231b4\",\"text\":\"#fff\"},\"toggle\":{\"background\":\"#3231b4\",\"text\":\"#3231B4\"}}},\"custom_css\":\"\"},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}}'>\n\n                <div class=\"ta-campaign-widget__exit\">\n            <svg class=\"w-8\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.5\" viewBox=\"0 0 24 24\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\">\n                <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M6 18L18 6M6 6l12 12\"><\/path>\n            <\/svg>\n        <\/div>\n        \n        <div class=\"ta-campaign-widget__wrapper\">\n            <div class=\"ta-campaign-widget__header mb-6\">\n                                <h3 class=\"ta-campaign-widget__tagline\">\n                    Get the Free Cybersecurity Newsletter                <\/h3>\n                \n                \n                                <p class=\"ta-campaign-widget__content mt-6\">\n                    Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday                <\/p>\n                            <\/div>\n\n            <form class=\"ta-campaign-widget__form\">\n                <div class=\"ta-campaign-widget__input mb-4\"  data-field=\"email\">\n                    <label\n                        class=\"sr-only\"\n                        for=\"email-66d6db9f170c8\">\n                        Email Address\n                    <\/label>\n                    <input\n                        class=\"ta-campaign-widget__input__text\"\n                        placeholder=\"Work Email Address\"\n                        id=\"email-66d6db9f170c8\"\n                        name=\"email\"\n                        type=\"email\">\n                <\/div>\n\n                                <div class=\"ta-campaign-widget__checkbox mb-4\" data-field=\"opt_in\">\n                    <div class=\"flex items-start\">\n                        <input\n                            id=\"opt-in-66d6db9f170c8\"\n                            class=\"ta-campaign-widget__checkbox__input mr-2\"\n                            name=\"opt-in\"\n                            type=\"checkbox\"\/>\n                        <label\n                            class=\"ta-campaign-widget__checkbox__label\"\n                            for=\"opt-in-66d6db9f170c8\">\n                            By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.                        <\/label>\n                    <\/div>\n                <\/div>\n                \n                <button class=\"ta-campaign-widget__button\" type=\"submit\" >\n                    Subscribe                <\/button>\n            <\/form>\n        <\/div>\n    <\/div>\n<\/div>\n\n<style>\n<\/style><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Ransomware is a type of malicious program, or malware, that encrypts files, documents and images on a computer or server so that users cannot access the data. Ransomware is the most feared cybersecurity threat and with good reason: Its ability to cripple organizations by locking their data is a threat like no other. Knowing what [&hellip;]<\/p>\n","protected":false},"author":330,"featured_media":19501,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[15],"tags":[4517,22796,3790,860,3414,2478,730,5277],"b2b_audience":[33],"b2b_industry":[52,53,55,56,57,59],"b2b_product":[397,400,382,390,394,383,31781,381,31780,31790,31775,392,396],"class_list":["post-29517","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threats","tag-backup","tag-cyberattack","tag-cybersecurity","tag-encryption","tag-network-security","tag-ransomware","tag-security","tag-web-security","b2b_audience-awareness-and-consideration","b2b_industry-education","b2b_industry-energy","b2b_industry-financial-services","b2b_industry-government","b2b_industry-healthcare","b2b_industry-manufacturing","b2b_product-anti-malware","b2b_product-antivirus","b2b_product-application-security-vulnerability-management","b2b_product-content-filtering","b2b_product-email-security","b2b_product-encryption-data-loss-prevention","b2b_product-multi-factor-access-management","b2b_product-network-access-control-nac","b2b_product-patch-management","b2b_product-ransomware","b2b_product-web-applications-security","b2b_product-web-security","b2b_product-wireless-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What is Ransomware? Everything You Should Know | eSP<\/title>\n<meta name=\"description\" content=\"Ransomware is a type of malware that restricts access to an infected computer system until a ransom is paid to unlock it.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What is Ransomware? Everything You Should Know | eSP\" \/>\n<meta property=\"og:description\" content=\"Ransomware is a type of malware that restricts access to an infected computer system until a ransom is paid to unlock it.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2023-04-06T14:30:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-07-26T19:15:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/10\/ransomwared.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"269\" \/>\n\t<meta property=\"og:image:height\" content=\"187\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Kashyap Vyas\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kashyap Vyas\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/\"},\"author\":{\"name\":\"Kashyap Vyas\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/2118dacb2683fbd98ed1cfe027ba98fd\"},\"headline\":\"What is Ransomware? Everything You Should Know\",\"datePublished\":\"2023-04-06T14:30:42+00:00\",\"dateModified\":\"2023-07-26T19:15:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/\"},\"wordCount\":2630,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/10\/ransomwared.jpg\",\"keywords\":[\"backup\",\"cyberattack\",\"cybersecurity\",\"encryption\",\"network security\",\"ransomware\",\"security\",\"Web security\"],\"articleSection\":[\"Threats\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/\",\"name\":\"What is Ransomware? Everything You Should Know | eSP\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/10\/ransomwared.jpg\",\"datePublished\":\"2023-04-06T14:30:42+00:00\",\"dateModified\":\"2023-07-26T19:15:26+00:00\",\"description\":\"Ransomware is a type of malware that restricts access to an infected computer system until a ransom is paid to unlock it.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/10\/ransomwared.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/10\/ransomwared.jpg\",\"width\":269,\"height\":187,\"caption\":\"ransomware victim\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What is Ransomware? Everything You Should Know\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/2118dacb2683fbd98ed1cfe027ba98fd\",\"name\":\"Kashyap Vyas\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/04\/kashyap.vyas-headshot-Webache-Solutions-1-150x150.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/04\/kashyap.vyas-headshot-Webache-Solutions-1-150x150.png\",\"caption\":\"Kashyap Vyas\"},\"description\":\"Kashyap Vyas is a writer with 10+ years of experience writing about SaaS, cloud communications, data analytics, IT security, and STEM topics. He's been a contributor to publications including IT Business Edge, Interesting Engineering, Machine Design, Design World, and several other peer-reviewed journals. Kashyap is also a digital marketing enthusiast and runs his own small consulting agency.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/kashyap-vyas\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What is Ransomware? Everything You Should Know | eSP","description":"Ransomware is a type of malware that restricts access to an infected computer system until a ransom is paid to unlock it.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/","og_locale":"en_US","og_type":"article","og_title":"What is Ransomware? Everything You Should Know | eSP","og_description":"Ransomware is a type of malware that restricts access to an infected computer system until a ransom is paid to unlock it.","og_url":"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/","og_site_name":"eSecurity Planet","article_published_time":"2023-04-06T14:30:42+00:00","article_modified_time":"2023-07-26T19:15:26+00:00","og_image":[{"width":269,"height":187,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/10\/ransomwared.jpg","type":"image\/jpeg"}],"author":"Kashyap Vyas","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Kashyap Vyas","Est. reading time":"12 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/"},"author":{"name":"Kashyap Vyas","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/2118dacb2683fbd98ed1cfe027ba98fd"},"headline":"What is Ransomware? Everything You Should Know","datePublished":"2023-04-06T14:30:42+00:00","dateModified":"2023-07-26T19:15:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/"},"wordCount":2630,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/10\/ransomwared.jpg","keywords":["backup","cyberattack","cybersecurity","encryption","network security","ransomware","security","Web security"],"articleSection":["Threats"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/","url":"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/","name":"What is Ransomware? Everything You Should Know | eSP","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/10\/ransomwared.jpg","datePublished":"2023-04-06T14:30:42+00:00","dateModified":"2023-07-26T19:15:26+00:00","description":"Ransomware is a type of malware that restricts access to an infected computer system until a ransom is paid to unlock it.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/threats\/ransomware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/10\/ransomwared.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/10\/ransomwared.jpg","width":269,"height":187,"caption":"ransomware victim"},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/threats\/ransomware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"What is Ransomware? Everything You Should Know"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/2118dacb2683fbd98ed1cfe027ba98fd","name":"Kashyap Vyas","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/04\/kashyap.vyas-headshot-Webache-Solutions-1-150x150.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/04\/kashyap.vyas-headshot-Webache-Solutions-1-150x150.png","caption":"Kashyap Vyas"},"description":"Kashyap Vyas is a writer with 10+ years of experience writing about SaaS, cloud communications, data analytics, IT security, and STEM topics. He's been a contributor to publications including IT Business Edge, Interesting Engineering, Machine Design, Design World, and several other peer-reviewed journals. Kashyap is also a digital marketing enthusiast and runs his own small consulting agency.","url":"https:\/\/www.esecurityplanet.com\/author\/kashyap-vyas\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/29517"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/330"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=29517"}],"version-history":[{"count":2,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/29517\/revisions"}],"predecessor-version":[{"id":31226,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/29517\/revisions\/31226"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/19501"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=29517"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=29517"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=29517"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=29517"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=29517"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=29517"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}