
What is ransomware?

Ransomware is a type of computer virus that seizes control of a user's computer or encrypts the data and then demands a ransom for the return of normal operations. The most famous examples of ransomware are Reveton, CryptoLocker, and WannaCry. Ransomware is usually spread by phishing attacks or click-jacking. Once the virus is installed, users lose the ability to access their computer data or use the machine. Many ransomware attacks demand ransoms to be paid via cryptocurrency, like Bitcoin.

How do I get ransomware?

Ransomware is spread by virus files that must be installed as an .exe by the user. After the virus enters the network, it may be able to spread laterally across devices. In this instance, the ransomware is also known as a worm. A network user may mistakenly install a file on a local computer from a phishing or click-jacking attack. If antivirus is installed on the network, it must either have the signature for the ransomware attack file or detect it by suspicious activity. Otherwise, it can escape detection.

Types of ransomware

The most common form of ransomware is the encryption attack. All the files on a user's computer are encrypted by the virus and cannot be unlocked unless the ransom is paid. This is the definitive pattern of ransomware. Many people would rather pay the ransom than lose all their data. The other type of ransomware is a deletion threat. In this instance, the data is threatened with deletion if the ransom is not paid by a certain date. Another less common variety is an extortion or doxxing attack.

How do I protect myself from ransomware?

Known ransomware will be covered by antivirus, but like any threat, a zero-day attack cannot be effectively screened by these utilities. Similarly, even the most well-trained and professional users can fall prey to a phishing or click-fraud attack. Ransomware worms spread laterally in a network without human interaction; whether they can depends on the complexity of the exploit code. The best protection is antivirus software that detects malicious activity, i.e. scanning the .exe before installing files from the web.
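The two detection approaches described above, a signature for a known file versus detection by suspicious activity (the only one left for a zero-day), shown as an added example that is not part of the original page. The event format, thresholds, and sample data are constructed assumptions and do not represent any antivirus product's logic.

```python
import hashlib
import math
from collections import Counter

# Constructed stand-in for a known sample; no real malware bytes or hashes.
KNOWN_SAMPLE = b"constructed-known-sample-v1"
SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}

def signature_match(file_bytes):
    """Signature detection: exact hash lookup, so any changed byte evades it."""
    return hashlib.sha256(file_bytes).hexdigest() in SIGNATURES

def shannon_entropy(data):
    """Bits per byte; encrypted output approaches 8.0, plain text is much lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def behaviour_alert(events, window=10.0, min_files=5, min_entropy=7.0):
    """Return pids that wrote high-entropy content to >= min_files distinct
    files within `window` seconds. events: (timestamp, pid, path, data)."""
    recent, alerts = {}, set()
    for ts, pid, path, data in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(data) < min_entropy:
            continue  # ordinary document writes are ignored
        hits = [(t, p) for t, p in recent.get(pid, []) if ts - t <= window]
        hits.append((ts, path))
        recent[pid] = hits
        if len({p for _, p in hits}) >= min_files:
            alerts.add(pid)
    return alerts

def _ciphertext_like(seed, size=2048):
    # Deterministic high-entropy bytes standing in for encrypted file content.
    return hashlib.shake_256(seed).digest(size)

# Constructed events: an editor (pid 100), a mass-rewriting process (pid 200),
# and a backup job writing two compressed archives (pid 300).
SAMPLE_EVENTS = (
    [(float(i), 100, f"notes{i}.txt", b"quarterly report draft\n" * 90) for i in range(6)]
    + [(20 + 0.5 * i, 200, f"doc{i}.docx", _ciphertext_like(bytes([i]))) for i in range(6)]
    + [(30.0 + i, 300, f"backup{i}.zip", _ciphertext_like(b"zip" + bytes([i]))) for i in range(2)]
)

if __name__ == "__main__":
    print(signature_match(KNOWN_SAMPLE), signature_match(KNOWN_SAMPLE + b"\x00"))
    print(behaviour_alert(SAMPLE_EVENTS))
```

The one-byte variant slips past the hash lookup, while the burst of high-entropy rewrites is flagged without any signature; the backup job stays below the file-count threshold, which is the tuning trade-off a behavioural rule has to manage.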

Who is a target for ransomware?

Ransomware often targets large corporations and government agencies where a single user’s mistakes can lead to a wide infection pattern. Other users may be infected by spam email or phishing attacks.

How do you prevent ransomware?

Install verified antivirus software from one of the main providers, like McAfee, Kaspersky, Symantec, or Norton, for the best protection, and avoid installing any .exe files from web links. Look out for suspicious emails from unknown sources that have attachments. Often these emails will have spelling mistakes, use generic language (e.g. “Dear Sir/Madam”), or come from a suspicious-looking address.

Examples of ransomware

Reveton in 2012 started the ransomware trend by impersonating a police department and demanding a fine. CryptoLocker in 2013 began the trend of Bitcoin ransom attacks.

Do's and don’ts of ransomware

  • Do: Install antivirus software and introduce a training or awareness program for staff
  • Don't: Leave your data without a backup; a backup lets you delete and reformat devices after infection

How does ransomware affect my business?

Ransomware makes business owners consider how they approach antivirus, network security, and data backups. Businesses are advised to use an antivirus scan on the firewall that includes known ransomware attacks. Administrators must consider how much tolerance they have for data loss on worker PCs and how to integrate regular secure backups on desktop productivity machines. Learn how the VMware Service-defined Firewall helps mitigate ransomware and other attacks.
