What is Ransomware?

Ransomware is any software that allows a third party to access and encrypt another’s files, delete the originals, then threaten to delete the only remaining (encrypted) copy of the files if the ransom is not paid. In the movies, the user deploying the ransomware is typically portrayed as a hardened criminal.

But truthfully, ransomware is simply a product, usually found on the internet, that one can learn to use easily. As a result, ransomware attacks are very common, and they can be debilitating for the files in the victim’s cloud.

Ransomware attacks happen quickly. Before you realize there is a threat, the hackers have stolen information, encrypted valuable files and are demanding a ransom be paid to release those files back to you. Usually, the hacker will demand a certain amount in Bitcoin, but paying the ransom doesn’t always minimize the damage. It can take weeks after an attack to fully assess the damage done across its four phases.

Phase 1: Infiltrate

You may think of a hacker as a hardened criminal, but truthfully, the average person can easily access any number of ransomware-as-a-service offerings. Unfortunately, the process of using these ransomware services to obtain stolen credentials and distribute malware is as easy as using almost any other online service.

All it takes is the right software for a hacker to gain access to vital information, and the attack begins.

Phase 2: Connect

Just one point of access is enough for the ransomware to get to work, contacting the victim’s remote network and generating a key to use for file encryption in phase three.

During this phase of the attack, the ransomware is essentially rummaging through the victim’s files to find ones with value. After all, these files need to be worth the ransom the hacker is about to demand.

Phase 3: Encrypt

This is the “ransom” part of a ransomware attack—targeted files are encrypted, then the original files are deleted. In other words, ransomware holds your files hostage. The only way to free your data is to decrypt it, which can only be done with the key that was generated in phase two.

Phase 4: Extort

The hacker now demands a sum be paid in exchange for the key, typically applying a time limit within which you must meet their demands. If you don't, you risk the hacker deleting the key and removing any possibility of decrypting your files.

These demands are typically fulfilled, and the ransomware attack is complete.

How to protect your cloud from ransomware attacks

Preventing a ransomware attack requires careful attention to every aspect of your data. Truthfully, this level of scrutiny requires 24/7 attention, which is easier to accomplish with NetApp’s Cloud Insights. This service carefully monitors your data to:

  • Highlight risks that can lead to an attack
  • Detect attacks the moment they happen
  • Perform automated actions to help avoid widespread damage

Whether it’s on-prem or in the cloud, Cloud Insights gives you complete visibility into your infrastructure and applications by using Zero Trust technology. It continuously monitors user behavior, learning what’s normal for your users so that it can detect anomalies instantly and trigger immediate action: taking snapshots of affected files to make recovery possible without paying the ransom, and alerting you instantly to the activity.
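
The idea of learning a per-user baseline and flagging the phase 3 pattern (encrypted copy written, original deleted) can be sketched as follows. This is an added example, not NetApp's or Cloud Insights' implementation; the event format, function names, thresholds and the ".locked" suffix are all assumptions, and the events are constructed sample data. The "snapshot" field lists the files a response hook would snapshot.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample events (minute, user, op, path); ".locked" is a made-up suffix.
BASELINE = ([(m, "alice", "write", f"/share/doc{m % 5}.docx") for m in range(0, 60, 3)]
            + [(m, "bob", "write", f"/share/sheet{m % 4}.xlsx") for m in range(0, 60, 2)])
LIVE = [(60, "alice", "write", "/share/doc1.docx"), (60, "bob", "write", "/share/sheet1.xlsx")]
for i in range(40):  # burst: encrypted copy written, original deleted
    LIVE += [(61, "bob", "write", f"/share/f{i}.xlsx.locked"),
             (61, "bob", "delete", f"/share/f{i}.xlsx")]

def per_minute_counts(events):
    """Count file operations per user per minute."""
    counts = defaultdict(lambda: defaultdict(int))
    for minute, user, _op, _path in events:
        counts[user][minute] += 1
    return counts

def learn_baseline(events, window):
    """Return {user: (mean, stddev)} of ops per minute over `window`, idle minutes included."""
    counts = per_minute_counts(events)
    return {user: (mean(s), pstdev(s))
            for user, by_min in counts.items()
            for s in [[by_min.get(m, 0) for m in window]]}

def replaced_files(events, user, minute):
    """Originals deleted in the same minute a 'path.<suffix>' copy was written."""
    written = {p for m, u, op, p in events if (m, u, op) == (minute, user, "write")}
    deleted = {p for m, u, op, p in events if (m, u, op) == (minute, user, "delete")}
    return sorted(d for d in deleted if any(w.startswith(d + ".") for w in written))

def detect(events, baseline, k=4.0, min_replaced=10):
    """Alert when a user's rate exceeds mean + k*stddev and many originals were replaced."""
    alerts = []
    for user, by_min in per_minute_counts(events).items():
        mu, sigma = baseline.get(user, (0.0, 0.0))
        for minute, n in sorted(by_min.items()):
            if n <= mu + k * max(sigma, 1.0):  # floor stddev so flat baselines tolerate small changes
                continue
            victims = replaced_files(events, user, minute)
            if len(victims) >= min_replaced:
                alerts.append({"user": user, "minute": minute, "ops": n, "snapshot": victims})
    return alerts

if __name__ == "__main__":
    for alert in detect(LIVE, learn_baseline(BASELINE, range(60))):
        print(alert["user"], alert["minute"], alert["ops"], len(alert["snapshot"]))
```

Requiring both signals, an abnormal rate and the write-then-delete pairing, keeps ordinary bulk copies or cleanups from raising an alert on their own.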

Cloud Insights from NetApp makes it possible to detect and contain the damage of a ransomware attack.
