Ransomware is malware that encrypts a victim's data and demands payment for the decryption key. Modern variants add double extortion: data is exfiltrated before encryption and the attacker threatens to leak it if the ransom is not paid.
Famous Ransomware Incidents
- WannaCry (2017): Exploited EternalBlue, affected 150+ countries
- NotPetya (2017): Destructive worm disguised as ransomware
- Ryuk: Targeted large organizations for high-value payouts
- LockBit: Continues to evolve and target enterprises
Defense Strategy
- Backups: Immutable, offline, tested for recovery
- Segmentation: Limit lateral movement
- EDR: Detect suspicious behavior early
- MFA: Prevent credential-based lateral movement
- Patching: Keep systems updated
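As an added example (not part of these notes), the kind of behavioural heuristic an EDR-style detector applies to file-system telemetry: flag a process that renames many files to one new extension within a short window and drops a ransom-note-like file. The log format, process names, paths and the `.lockd` extension are constructed for illustration.

```python
import os
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry, not real data. Fields: ts|pid|process|action|path
# (rename paths are written "old->new"). pid 7788 mass-renames to ".lockd" and drops a note.
SAMPLE_EVENTS = """\
2024-05-01T10:00:02|7788|updater.exe|rename|C:/Users/a/q1.xlsx->C:/Users/a/q1.xlsx.lockd
2024-05-01T10:00:02|7788|updater.exe|rename|C:/Users/a/q2.xlsx->C:/Users/a/q2.xlsx.lockd
2024-05-01T10:00:03|7788|updater.exe|rename|C:/Users/a/notes.txt->C:/Users/a/notes.txt.lockd
2024-05-01T10:00:03|7788|updater.exe|rename|C:/Users/a/plan.pptx->C:/Users/a/plan.pptx.lockd
2024-05-01T10:00:04|7788|updater.exe|rename|C:/Users/a/pic.jpg->C:/Users/a/pic.jpg.lockd
2024-05-01T10:00:05|7788|updater.exe|create|C:/Users/a/HOW_TO_RECOVER_FILES.txt
2024-05-01T10:05:00|3001|winword.exe|rename|C:/Users/a/~WRL001.tmp->C:/Users/a/memo.docx
"""
NOTE_MARKERS = ("recover", "decrypt", "restore", "readme")  # words common in ransom-note filenames

def parse_events(text):
    """Parse pipe-delimited telemetry lines into dicts."""
    events = []
    for line in text.strip().splitlines():
        ts, pid, proc, action, path = line.split("|", 4)
        ev = {"ts": datetime.fromisoformat(ts), "pid": int(pid),
              "proc": proc, "action": action, "path": path}
        if action == "rename":
            ev["src"], ev["dst"] = path.split("->", 1)
        events.append(ev)
    return events

def detect(events, threshold=5, window=timedelta(seconds=60)):
    """Return (pid, process, new_ext, note_path_or_None) per process with >= threshold renames to one new extension inside the window."""
    renames, notes, names = defaultdict(list), {}, {}
    for ev in events:
        names[ev["pid"]] = ev["proc"]
        if ev["action"] == "rename":
            old_ext, new_ext = (os.path.splitext(p)[1].lower() for p in (ev["src"], ev["dst"]))
            if new_ext and new_ext != old_ext:          # extension actually changed
                renames[ev["pid"]].append((ev["ts"], new_ext))
        elif ev["action"] == "create":
            base = os.path.basename(ev["path"]).lower()
            if any(m in base for m in NOTE_MARKERS):    # ransom-note-like filename
                notes[ev["pid"]] = ev["path"]
    alerts = []
    for pid, items in renames.items():
        items.sort()
        for i, (start, ext) in enumerate(items):        # sliding window starting at each rename
            burst = [t for t, e in items[i:] if e == ext and t - start <= window]
            if len(burst) >= threshold:
                alerts.append((pid, names[pid], ext, notes.get(pid)))
                break
    return alerts
```

Tune `threshold` and `window` to the host's normal rename rate; a single rename to a new extension (the `winword.exe` line) stays below the bar, while the burst from one process does not.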
Response Steps
- Isolate affected systems
- Preserve evidence
- Assess damage scope
- Decide on reporting/recovery
- Document lessons learned