It’s 3 a.m. when your phone begins vibrating on the nightstand. Half asleep, you answer the call. Your chief technology officer is on the line, clearly distressed and speaking so fast you can only make out a few words—“data,” “locked out,” “$1,000,000,” and “crypto.” Piecing it together, you realize that your organization’s systems have been hacked. Once you get the CTO to take a breath, you finally get the full story—your organization has been targeted in a ransomware attack. A hacker has infiltrated your organization’s systems and encrypted all of the data, including highly sensitive personal information of your clients and confidential corporate documents. Your employees cannot access the programs they need to do their work, and your customers cannot access your organization’s website. For every hour your organization’s systems are down, thousands of dollars of revenue are lost. The hacker sent an email to the CTO demanding $1,000,000 in cryptocurrency in exchange for the decryption of the data. How could this happen? What do you do now?
What Is Ransomware?
Ransomware is a term used to describe malicious software (malware) that encrypts an organization’s data, denying the organization access to its data. A hacker, whether an individual or a group, who has access to the organization’s systems uses ransomware to encrypt the organization’s data. The hacker will then demand money from the organization in exchange for a key to decrypt the data. Sometimes, hackers copy or take the data and threaten to release the stolen data if payment is not made. Hackers often request payments be made using cryptocurrency, such as Bitcoin, Ethereum, or Monero, to limit the ability of authorities to trace the payments back to the hacker.
