Security Glossary

Ransomware

A particularly nasty subset of malware that encrypts your files or otherwise locks your system, then demands a ransom payment (often in cryptocurrency) for the key to unlock them. Essentially, the attackers take your data hostage. After infection, you might see a message like "Your files are encrypted. Pay $5,000 in Bitcoin within 3 days or they will be deleted." Even if you pay, there's no guarantee you'll get your files back, and paying encourages the criminals.

Ransomware often enters via phishing emails (e.g., an attachment that, when opened, runs the ransomware) or by attackers exploiting vulnerabilities in exposed systems. This threat has hit businesses of all sizes - and SMBs can be very vulnerable if they don't have reliable data backups or incident response plans.

The best defenses are preventative: maintain offline or secure backups of critical data (so you can restore files without paying), keep your systems patched (to avoid the exploits that ransomware uses to spread), use strong security software to detect it, and train employees to spot suspicious emails or links.

If you do get hit with ransomware, your incident response should focus on containment (remove infected machines from the network), restoration (wipe and rebuild systems from clean backups), and notification if sensitive data was also stolen (some modern ransomware both encrypts and exfiltrates data).

Ransomware is one of the most disruptive attacks out there, but with good preparation (especially backups and user awareness), its impact can be greatly mitigated.
