This is one of the 52 terms in The Language of Cybersecurity published by XML Press in 2018 and the contributor for this term is Dave Kartchner.

What is it?

Malicious code that encrypts files on a computing device, enabling an attacker to demand a ransom from the legitimate owner to recover the encrypted data.

Why is it important?

Numerous high-profile ransomware cases – including the May 2017 WannaCry ransomware attack that struck at least 50 organizations – have occurred over the last several years, involving medical centers, police departments, and government organizations. These occurrences show the negative impact ransomware can have on an organization’s operations and finances.

Why does a business professional need to know this?

Symantec’s 2017 Internet Security Threat Report notes, “During 2016, ransomware was one of the most significant threats facing both individuals and organizations.” Another disturbing trend noted in this report is that the average ransom amount continues to trend upwards with a 266% increase between 2015 (US$294) and 2016 (US$1,077).

Both Symantec’s report and Verizon’s 2017 Data Breach Investigations Report predict a continued upward trend in ransomware attacks, their sophistication, and the amount of ransom demanded. Thus, the ransomware threat is not fading away anytime soon.

The potential impact of a successful ransomware attack is enormous for any organization that depends on digital/electronic data or systems to conduct business.

To reduce the risk of a ransomware attack, organizations should consider best practice defenses such as the following:

  • Data backup and restore processes
  • Business continuity and disaster recovery plans that include ransomware scenarios
  • An incident response plan for ransomware

These best practices can help lessen the negative consequences on operations and revenue that a successful ransomware attack can generate. Business professionals must communicate with decision makers in the organization regarding the risks and consequences of a ransomware attack on the organization.