Ransomware - Plan of Action

Ransomware continues to be a major threat to businesses in all sectors, with some areas getting hit particularly hard, especially education and healthcare. In 2020, 1,681 schools were affected by ransomware as well as 560 healthcare facilities.

In March of 2021, attackers demanded an astronomical $40 million from Broward County Public Schools, the nation’s sixth largest school district. In August and September of 2020, 57% of ransomware attacks reported to the federal Multi-State Information Sharing and Analysis Center involved schools, compared to 28% of all reported ransomware incidents from January through July.

How Does Ransomware Work?

Steps in a Typical Ransomware Attack

The typical steps in a ransomware attack are:

1. Infection: After it has been delivered to the system via email attachment, phishing email, infected application or other method, the ransomware installs itself on the endpoint and any network devices it can access.

2. Secure Key Exchange: The ransomware contacts the command and control server operated by the cybercriminals behind the attack to generate the cryptographic keys to be used on the local system.

3. Encryption: The ransomware starts encrypting any files it can find on local machines and the network.

4. Extortion: With the encryption work done, the ransomware displays instructions for extortion and ransom payment, threatening destruction of data if payment is not made.

5. Unlocking: Organizations can either pay the ransom and hope for the cybercriminals to actually decrypt the affected files, or they can attempt recovery by removing infected files and systems from the network and restoring data from clean backups.

Unfortunately, negotiating with cyber criminals is often a lost cause as a recent report found that 42% of organizations who paid a ransom did not get their files decrypted.