Secure your small business:
Apps → Data →

Cybersecurity Reference > risks and threats


Quick definition  ⓘ
Why it matters: Ransomware attacks have increased in recent years, with a number of major breaches making news headlines. This makes ransomeware among the most urgent malware problems.
Share of businesses that are able to ultimately retrieve all of their stolen data after paying a ransom.

Key Points

  • Ransomware attacks encrypt your data, making it inaccessible until a payment is made to the attackers
  • Demanded payments are large and most commonly required in cryptocurrency of some form
  • Payment does not guarantee data retrieval, or the avoidance of data leakage or future attacks
  • If you are subject to a ransomware attack, contact law enforcement before taking any other action
© Pemika Pholdongnok / Dreamstime

Ransomware attacks can disrupt an organization at an existential level. Prevention is the best defense—once you have become a victim, positive resolution is by no means certain.

Quick Read

Recent years have seen a rash of high-profile ransomware attacks, including those affecting Colonial Pipeline and Kaseya. In a ransomware attack, malware either makes organization data unavailable or threatens to make it unavailable until a ransom is paid. Early on, payment was often demanded by wire transfer, but more recently payment has often been demanded in cryptocurrency.

Ransomware attacks begin as malware infection—the actual data encryption or lockout is done by this malware—and eliminating possible sources or avenues of malware infection is thus one of the keys to avoiding ransomware attacks. In practice, this means not only tools for malware detection, but also keeping software updated to avoid zero-day vulnerabilities and taking pains to ensure that safeguards and training exist to combat phishing and other email attacks.

Once infection occurs—even if data is not yet locked—organizations are at risk of data leakage or resale on the dark web, and at significantly increased risk for future attacks carried out through the use or reuse of the data that has been accessed. The majority of ransomware attacks now include some form of data exfiltration, often with data ending up for sale on the dark web.

Once data is locked, organizations are unlikely to recover all of their data unless a comprehensive backup strategy is in place. Even with payment, only a small minority of companies are able to eventually access all of their data again, and in some cases payment does not restore any data access at all.

The first step in responding to a ransomware attack is therefore not to make payment, but rather to make contact with law enforcement who can provide references to security specialists and specialists in ransomware negotiation that provide the best possible likelihood of successful resolution.

Further Reading

—Aron Hsiao

Need Ransomware solutions?
We can help!

Plurilock offers a full line of industry-leading cybersecurity, technology, and services solutions for business and government.

Talk to us today.


Thanks for reaching out! A Plurilock representative will contact you shortly.

More to Know

© Melpomenem / Dreamstime

Prevention is Key

The best defense against ransomware is never to become infected in the first place. Policies that prevent malware infection of any kind are thus key. All software must be kept up to date to reduce exposure to vulnerabilities and comprehensive steps should be in place to ensure sound user behavior, including proper email and web browsing hygiene during work.

© Designer491 / Dreamstime

Full Data Recovery is Rare

Once a malware attack is in progress, full data recovery is rare, even with payment—so immediate payment is generally not the best option, despite what may feel like tremendous situational urgency.

© Auremar / Dreamstime

Involve the Authorities

Because simply making payment rarely results in full data recovery, involving the authorities is usually the best first step. They can provide strategic direction and involve or provide references to ransomware specialists and negotiators.

Quick Definition

Ransomware is a type of malware that, when installed on a computing system, prevents further work from being done on the system or data from being accessed until a ransom is paid. Often the ransom is requested by wire transfer, and in some cases paying the ransom does not result in the restoration of system or data access.

Ransomware has become an increasingly common form of attack in recent years, particularly targeting users at bureaucratic organizations where data is critical yet expertise may be limited, such as local and regional government agencies.

Subscribe to the newsletter for Plurilock and cybersecurity news, articles, and updates.

You're on the list! Keep an eye out for news from Plurilock.