Ransomware is a kind of malicious software that is built to block access to a computer system or the information stored on it. Cybercriminals use this software as a weapon to attack their victims selectively or at random and ask for ransom (usually in cryptocurrency rather than ordinary bank transactions) in return for access to the data or system that was hijacked.

The attacker uses ransomware to encrypt the data stored on a system. The encrypted data can then only be accessed with the decryption key, which is obtained by paying the attacker. The victim is given detailed instructions on how the payment can be made, how to get the decryption key, and how to regain access to the lost data.

The frequency of ransomware attacks is hard to pinpoint, as most victims pay the ransom to get rid of the attacker and regain their data. Although paying the ransom without notifying the authorities is a dangerous practice, most victims do so to avoid further hassle. In 2019, 205,280 victim organizations filed complaints that they had been hacked in a ransomware attack, an alarming 41% rise from the year before.



According to security experts, even this number doesn’t represent the true number of attacks, as most events remain undetected or the victims don’t report them and silently pay the ransom.

Ransomware Attacks

The core aim of a ransomware attack is mostly monetary gain. Most of the time, companies are the prime victims of ransomware attacks. The attackers know that companies store data from many disciplines and urgently need it to stay operational. This gives the attackers the chance to ask for a large sum of money within a short period. However, sometimes competitors or enemies also carry out ransomware attacks to cripple the competition. Attackers don’t always target companies; they often attack at random and ask for money.

  • On 13th Dec 2020, Habana Labs, a developer of AI processors owned by Intel, was reported to be a victim of the Pay2Key ransomware attack. The attackers stole data and then leaked it online. The data ranged from sensitive code to various business documents that would compromise the business.
  • Another recent incident took place on 1st December 2020. Shirbit Insurance, an Israeli insurance provider that serves many government employees, became the victim of ransomware. After the report was published, it emerged that a group called Black Shadow initially asked for 50 Bitcoin in return for not exposing the company’s sensitive client data. As Shirbit didn’t respond or pay the ransom, the price rose from 50 BTC to 100 BTC and later 200 BTC.

You should keep in mind that a ransomware attack and the recovery from it are long and critical processes. Attackers nowadays mostly demand bitcoin, as cryptocurrency is untraceable.

  • Another notable ransomware attack happened on November 29, 2020, where the victim was none other than the electronics giant Foxconn, which was infected by the DoppelPaymer ransomware. According to a report published in Bleeping Computer, the attackers demanded 1,804 BTC, which equals over $34 million (USD), and said they would provide the decryption tool once the payment was confirmed. The attackers claimed they had successfully encrypted almost 1200 servers, stolen 100 GB of Foxconn’s encrypted files and deleted 20-30 TB of its backup data. Yes! You read it right: 20-30 TB of backup files.

How to Prevent a Ransomware Attack?

You now have a clear picture of ransomware and how dangerous it is for your company and yourself. According to CSO Online, 94% of ransomware and malware is delivered by email.

Here are some preventive steps that you should turn into habits to minimize the chance of becoming the victim of a ransomware attack:

  • Never click on links that come from untrusted contacts or websites. Avoid downloading content you suspect is from unverified contacts or platforms.
  • If you receive an email from an unknown contact, it is always advisable not to open the attached files on your device right away. Always confirm the sender’s authenticity. If you suspect that the contents of the email are unusual, call the sender to make sure the content is authentic.
  • Only download from trusted sites.
  • Abstain from giving away personal information like email, phone number, address, social security number, credit card number, etc.
  • Try using content scanning and filtering services provided by your mail server.
  • Never use unfamiliar or untrusted USB drives.
  • Make sure that your operating system and software are always up to date.
  • Try to avoid public Wi-Fi. In an emergency, use a trusted VPN to access the internet.
  • The most important thing is to keep a backup of your data. Set the backup system to update automatically so that, even if you forget to do so, you can still restore your data from backup in the event of an attack.

What to Do If You Are Under Attack?

Accidents happen. But the best course of action is always to keep calm and not freak out. Whenever you are under a ransomware attack, every second and every decision you make is critical.

The very first thing you will encounter in the event of a ransomware attack is that you find yourself locked out of your system or data. Then you’ll find a notice or some sort of communication from the attacker regarding the money. Many variables are interconnected. You might start negotiating with the attacker and end up upsetting them, losing the slightest opportunity to recover your data and discovering it leaked online.

You might end up paying the ransom and still not get the decryption key. At every step, there is a possibility of things going sideways. Responding to a ransomware attack is a multi-layered approach. The best way to respond to a threat like this is to get the help of a professional negotiator. Things that you need to do:

  • Incident Response: activate the incident response team if you have one, or consult professionals to do so. The incident response team will perform forensics to understand how much you are exposed. They will then help you discover and understand the availability of backups and the feasibility of the recovery process and the time it will take. All this helps you assess the real scenario of the attack and where you stand at this point.
  • Investigating the damage and the possibility of recovery: Now you need to assess the missing data and the affected systems so that you can determine what it would take to get back in business in this situation.
  • Threat intelligence: Cyber intelligence plays a critical role in the event of a ransomware attack. It helps you understand the threat actor or threat actor group, their motivation, methods, previous activity, typical payouts, etc. This eventually helps you understand the attacker(s) and is very useful while negotiating with them.
  • Consulting a negotiator: Consult a negotiator if you have not done so yet. Then you should keep all the key stakeholders, such as the insurer, outside counsel, PR specialist, etc., in the loop to proceed further. Now the professional third parties or the negotiator will start the communication with the attacker.
    • The negotiator will start the communication after keeping all the stakeholders informed about the scenario.
    • Here, the negotiator will structure a workable deal with the attacker if possible.
    • Then you need to decide if you will pay. Before doing so, of course, the reports that you have gathered will help you determine how crucial the data is and if paying the attacker is worth it.
    • How to transfer the money, what the payment methods are, etc.
    • Handling cryptocurrency transactions
    • How the data will be recovered
    • What to do after payment if the data or encryption key is not delivered by the attacker?

Leverage the expertise of the negotiator to safely handle the ransomware attacker(s), because everything you say or don’t say, the communication channels you use, and the timing and tone of your communication will affect the process severely.

If you have not yet been attacked by ransomware, then you are on the verge of being the victim of an attack. This is said not to scare you but to make you aware of the present scenario of the cyberworld. So, to keep ahead of the attacker, you must undertake workable cybersecurity measures to safeguard your organization and yourself. Here at TechForing, we provide all the industry services and solutions you need to secure your organization in cyberspace. Even if you are already the victim of a ransomware attack, we have a dedicated wing that deals with ransomware attacks and can help you determine the best course of action in case of a cyber incident.
