What is ransomware? Learn the ABCs.

Cyberthreats, particularly ransomware, are part of everyday life. In fact, new ransomware attacks happen every 11 seconds (and it’s expected to increase to every 2 seconds by 2031). That frequency adds up to thousands of opportunities each day for cybercriminals to infiltrate your business.

You can’t completely prevent ransomware. But the more you know about it and how it operates, the better prepared you can be to stop ransomware in its tracks and to minimize the resulting damage to your organization.

Cybercriminals are smart (and they’re getting smarter every day). Their infiltration tactics are much more sophisticated than someone who’s guessing user names and passwords to hack into your systems. In fact, they’re usually clever enough to get end users to do all the heavy lifting for them.

By far, the most common threat comes by way of phishing emails. Nearly 66% of ransomware threats are delivered in phishing emails that either install and spread malware or coerce recipients into providing the secure information that the attackers are looking for. With one out of three employees likely to click the links in a phishing email, the chances of your business being infected by ransomware through a phishing technique are high.

Another way that cybercriminals break into your organization is by using stolen credentials that they have purchased on the bootleg market to access your internal systems and data. And although we like to think of cybercriminals as strangers in dark rooms thousands of miles away, possibly the most dangerous are attackers who work from the inside.

Insiders have the security credentials to access your most critical systems and data, without raising suspicions. They know exactly which data is most valuable to your business and where that data resides—giving them incredible power to take your business hostage. Nearly one-third of ransomware attacks come from malicious insiders.

Ransomware attacks are not one-size-fits-all, but there are three main strategies that cybercriminals use to succeed in their attack:

• Demand ransom in exchange for not attacking.
• Attack first, then demand ransom to return stolen data and files.
• Demand ransom, then attack, then demand more ransom to return stolen data and files.

So, what does an attack usually consist of? During an attack, cybercriminals encrypt, delete, corrupt, or just outright steal your data. For example, an attacker might encrypt your data and then demand ransom in exchange for the encryption key. Or an inside attacker might copy confidential competitive information onto a thumb drive, delete it from your systems, and then demand ransom in exchange for not sharing the information with competitors.

As cybercriminals become more innovative, the use of multiple extortion techniques is also becoming more common. For example, criminals demand ransom for encrypted files, but if the ransom isn’t paid quickly, they threaten to publicly leak confidential data, adding reputational damage on top of financial damage.

Regardless of the tactics and strategies that a cybercriminal uses, the best way to defend your organization against their attacks is to protect your data. Encrypt your data at rest and in flight. Make sure that you always have current backups in place and that those backups are easily recoverable. Take advantage of data protection technologies that enable you to make your data immutable and indelible. It’s game over for cybercriminals when they can’t cause havoc with your data.

That defense may sound easier said than done. But when it comes to data security and data protection, nobody knows better than NetApp. To see how easy and powerful it is to take a data-centric approach to security and protection, check out NetApp^® cyber-resilience and ransomware solutions.