Ask me anything: what is ransomware?

What is "ransomware"? This came up a couple of times for me this morning, so I thought there might be folks who would benefit from an answer. Specifically, an answer unrelated to selling a ransomware product or service.

The term "ransomware" describes the tools, tactics, techniques, and procedures (TTPs) used maliciously either to cryptographically prevent an organization from accessing its data or to access/exfiltrate an organization's data under threat of exposure. What makes these cases "ransomware" campaigns rather than otherwise generic "malware" is the attacker's demand for payment. The demand generally takes one of two forms: payment in exchange for the keys and method for decrypting the victim's data, or payment in exchange for a promise to maintain confidentiality.

Although "ransomware" and "malware" describe the operational use of tools and TTPs, neither term describes a specific piece of software or method. The same good security practices and cyber hygiene that have been recommended for years against malware campaigns, and against other adversarial/criminal use of tools and TTPs to victimize persons and organizations, also apply to ransomware:

  • Stay on top of software updates.
  • Apply patches.
  • Monitor applications and networks.
  • Apply sound inbound AND outbound access controls.
  • And conduct realistic testing against all aspects of organizational defense.

Understand your specific business risks and technical vulnerabilities and make informed remediation decisions. Finally, ask your outside counsel for a cyber event game plan specific to your organizational needs.

Have a question you would like to ask Team GRIMM? Email us at [email protected] for a chance to be featured!
