Ransomware is a type of malicious software that threatens to forever block access to a victim’s data or publish it unless a ransom is paid. While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called crypto-viral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented ransomware extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as Bitcoin are used for the ransoms, making finding and prosecuting the perpetrators challenging.
In the United States, the volume and severity of ransomware attacks has significantly increased in recent months. Database files and SQL files are among the most targeted types of files and education and IT are the most targeted types of businesses. The countries with the highest ransomware infection rates as of 2018 were Thailand, the UAE, and Iran. The leading causes of ransomware infections were spam and phishing emails, and malicious websites and web ads. According to MSP providers, the most commonly experienced strains of ransomware by ransomware attack victims was CryptoLocker, followed by WannaCry and CryptoWall.
The actual financial damage of the extortion payment – which can be covered via cyber insurance – pales in comparison to a company’s losses of reputation and customers. The most common consequences of ransomware attacks according to victims in the United States are investment in new security technologies, loss of income from downtime and loss of clients. In 2018, the average cost of cyber insurance claims caused by ransomware amounted to 229,000 U.S. dollars. Ransomware accounted for 15 percent of cyber insurance claims in North America in 2018, ranking only behind hacker attacks which accounted for 21 percent of claims.
The most commonly implemented ransomware solutions include security software and employee training. This training may include phishing testing of high-risk employees, as well as online training for all employees.