What is Ransomware?
Ransomware is a form of malware that interferes with data on a device, or the device itself.
It enables the attacker to encrypt or lock the data or the device from a remote location, and then refuse to unlock it unless a fee is paid (the “ransom”) for their release.
Though ransomware declined year-on-year in 2018 in overall scale, it remains a significant threat. 2017 was the highest year ever, so whilst 2018 saw a reduction, there was still more ransomware in 2018 than 2016.
Part of the reason for the decline may be as simple as the devaluation of cryptocurrency like Bitcoin. In December 2017 one Bitcoin was worth over $13,000, but by December 2018 that had fallen to less than $3,700. Most ransoms are demanded in cryptocurrency, and most of that is Bitcoin.
For more information about Ransomware, visit the SWGfL ransomware section here.
How to protect against ransomware
The most important defence against ransomware is backup: if system(s) and data can be restored quickly and easily, the impact of ransomware will be significantly reduced.
Specific anti-exploit software (in addition to antivirus software) can also be used to provide additional protection against "zero-day vulnerabilities", including ransomware.