Money or data! What is ransomware?

Peníze, nebo data! Aneb co je to ransomware
Ransomware is a type of cyber-attack with one goal – to encrypt your data. The hacker will demand a ransom to make your data available again. How do hackers use this attack? Why is it becoming more and more common lately? And how can companies defend themselves from this cyber-attack?

You can imagine ransomware as a roadside robber that will cross your path and try to swindle you out of your money. If you pay, he leaves you alone. But you never know how exactly the incident will turn out.

The goal of cyber security in a company is to ensure the functionality of the company's IT systems and to protect data. Above and beyond all of this is the ability of the company to operate, provide services and do business "normally", even in the event of a cyber-attack.

For various reasons, attackers seek to disrupt these corporate goals. That’s why they often hold the company to ransom. With money being the number one concern, ransomware has become one of the most used types of attacks affecting companies.

The aim of ransomware is to do harm. Hackers want to infiltrate a company's network, spread ransomware and then encrypt files. The victim is then asked to pay a ransom or no longer have access to the data. A payment is therefore made for allowing access to the ransomware's own data again.

It's good to remember that ransomware attacks can also simply aim to threaten to disclose customer information. Especially when the information is of a sensitive nature.

How can you protect yourself from ransomware? 

To know how to defend against ransomware, it's important to know, where it can get to us. Typical ransomware hides in phishing a fraudulent emailu or SMS where the attacker wantsthe victim to click on a link in the message and enter their sensitive details into a site that pretends to be real and familiar. Or download something from it, which can happen just by loading it. How can I defend against ransomware attacks? We have some tips for you.

If companies want to truly defend themselves from cyber-attacks, they must educate employees and take the time to educate them properly.  

International anti-ransomware initiative

Statement against ransom payments for ransomware. Under this name is a joint declaration by states and international organizations that they will not pay ransom for ransomware. Why did something like this come about? Who is affected by the commitment not to pay? And who is behind it?

The declaration is the result of a meeting of the "International Counter Ransomware Initiative" (CRI). This is a global initiative with more than 50 members. It has a presence on every continent and members include the USA, UK, Germany, Australia, India, Cameroon, the United Arab Emirates and the Dominican Republic. And of course, the Czech Republic. Conspicuously absent from the large states are China and Russia. Of the countries notorious for using ransomware to improve their state budgets, North Korea.

What are the CRI goals?

To build common resilience against ransomware attacks.

Limit the lifetime business model of ransomware attacks.

International collaboration of members in the face of a ransomware attack.

Collaborate with the private sector to combat ransomware.

Combat the funding of ransomware attacks and the subsequent ability to use the ransom collected.

Following a CRI initiative, the International Anti-Ransomware Group was established to coordinate CRI's joint action against ransomware gangs. Its goal is to target gangs at the operational level - i.e. the real groups that use ransomware to attack.

Another activity has been the effort to combat the business model of ransomware gangs. Through analysis in the areas of cyber insurance, victim behaviors, seizure and confiscation of virtual assets, ransom payments and best practice in incident reporting and information sharing.

Further plans emerged from the current CRI meeting:

What is ransomware?

Get ready

Do you need to train your employees in cyber security and improve the security of your business?

More articles

Plans such as BCP, DRP, or risk management plans ensure cybersecurity and help maintain business continuity. What should they include?
Listen to the podcast with Katka Hůtová, who will guide you through the upcoming changes according to the new cybersecurity law.
Crisis communication during a cyber-attack should be swift, transparent and consistent to minimize damage and maintain the trust of all stakeholders. How to do it?

Newsletter

Do you want to be sure that your company is protected from cyber threats and at the same time comply with the applicable legislation? Sign up for the newsletter and get practical advice from our legal consultants.

By clicking submit, you consent to the processing of your personal data for marketing purposes.