Ransomware Attacks Are Going Everywhere And You or Your Business Could be The Next

Ransomware, which combines ransom and malware, is a software category that prevents users from accessing their systems. Ransomware frequently uses a trojan to lock down a terminal or system and all its files. Targeted individuals can only acquire access once a ransom payment has been received, which is often required within a short window of 24 to 48 hours. Attacks using ransomware are nothing new; they have existed since the late 1980s when postal payments were the norm. Nowadays, fraudsters typically demand ransom payments via a credit card or a cryptocurrency.


How Ransomware Attacks Work

Ransomware assaults come in a variety of forms, each with unique characteristics. However, while bad actors sometimes adopt different strategies, three essential steps are typically followed.

Phase 1: Infection and Distribution

Accessing a company’s network is the initial step in a ransomware assault. There are various ways to accomplish this, with phishing emails being the main one. Cybercriminals, in this instance, send phishing emails with attachments or links that, when clicked, download and run malware on the victims’ computers. One careless click is all it takes for the tentative to become an expensive breach.

Utilising the Remote Desktop Protocol is another approach to introducing infection into an organisation’s systems, especially given the prevalence of work-from-home arrangements nowadays. Attackers only need to steal or guess a target’s login information. This is made simpler if potential victims use the same password across several accounts or choose one of the weak passwords that attackers are aware of (e.g., 123456789, 123456, password123, etc.).

The ability to remotely access a user’s computer allows attackers to download and run malware on the terminal and spread it throughout the business after finding the correct ID/password combination.

Phase 2: Data Encryption

Once malicious users have access to the network, the second phase, data encryption, can begin. This indicates that malware encrypts readable files using a secret key only known to the attacker. The encrypted ones replace the old, original files, and backups and shadow copies are erased in some situations. Cybercriminals use this strategy to make it even more difficult for businesses to recover their data.

Phase 3: Ransom Demand

Once the files have been encrypted, thieves can make their claim. Different things could happen depending on how the evil actor approaches the situation. One of the most popular techniques is altering the backdrop of a computer to a ransom note that demands cryptocurrency in exchange for giving the victim the key to access their information. Another choice would be to include text files in the encrypted directories so that people would see the ransom message when they opened them.

If the business pays the ransom, the cybercriminal might give the victim access to the decryption program, a copy of the encryption key or the private key that protects the symmetric encryption key, and a copy of the encryption key or private key. At this stage, all that needs to be done is enter the data into the application.

Why should businesses worry about ransomware?

The NHS (National Health Service) was the victim of the WannaCry ransomware assault in May 2017. It is estimated that this attack damaged 70,000 devices, including computers, blood-storage refrigerators, and MRI scanners. Due to the severity of a potential data breach, which may cost a business several million euros, cybercriminals frequently target companies like government institutions or corporations because they believe doing so will result in large payouts. As a result, people were turned away from hospitals.

However, it would be incorrect to believe that small firms are secure. They are occasionally the first to be attacked since many owners believe “it won’t happen to them” and, as a result, lack the necessary security ransomware protection measures, making them easy prey.

Due to the seriousness of the situation, they must have some efficient ransomware security since clients would be very dissatisfied if their data were to be leaked online or if they had delays due to the business system being down. This can cause customers to leave the business rapidly, harming its reputation.

Are we prepared?

Every business should know its risks and how to respond to them, just as in a fire drill, a weather emergency, or another potential disruption. Despite significant efforts in cybersecurity, many firms now function differently than before the COVID-19 outbreak, relying on remote teams and reducing staff, among other things. Senior managers frequently prioritise investments in prevention skills, leaving possible vulnerabilities in response and recovery.

There are numerous varieties of ransomware, all of which have a few things in common. They are all initially driven by money.

Second, each poses a threat in some way to the victim’s IT infrastructure.

Third, they all transmit or show a message requesting a ransom, usually in the form of Bitcoin or another cryptocurrency.

But the precise attack methods that each type of ransomware employs set it apart from the rest. In turn, let’s examine these attack strategies to determine the specific dangers they present.

Crypto Ransomware

Data kidnapping, often known as crypto-ransomware, is a very profitable and successful assault strategy. Due to its popularity among cybercriminals, it is one of the most typical types of ransomware.

In such an assault, your data is encrypted to make it unreadable, and the attacker then requests a ransom in exchange for the keys to unlock it. The attacker will frequently also try to encrypt your backups to prevent you from doing a data restore.

Exfiltration (Leakware)

Ransomware, a type of malware that threatens victims with their data, is a subclass of leakware. In a leakware attack, data is taken and encrypted by a malicious party. Because of this, the information is unusable and cannot be read.

However, this encryption is temporary. The victim will only be handed the decryption key if they comply with the attacker’s demands, and the attacker will encrypt the data while holding it.

There is another, more pernicious aspect of leakware. If their demands are not satisfied, leakware attackers will threaten to reveal the private information they have obtained from the victim(s). These requests typically involve payment and take the form of a ransom (which is why leakware is a kind of ransomware).

DDoS Ransomware

Distributed denial-of-service (DDoS) ransomware attacks target your network services rather than your data, in contrast to crypto-ransomware and exfiltration.

To stop your servers from responding, they bombard them with erroneous connection requests. An accompanying ransom note informs you that the attack will terminate once the ransom is paid. A malicious party might, however, send the ransom note first and, if their demands still need to be met, may or may not carry out the threat.

A DDoS ransomware assault uses a lot of resources. Therefore, a hacker might find it challenging to maintain it for very long. Furthermore, your actual data is not at risk from DDoS ransomware.

Locker Ransomware

These ransomware varieties lock users out of their computers. Lockers typically block users from accessing the data, not destroy it. Users are frequently only permitted to view the lock screen or interact with a screen that displays the ransom demand. To partially pay the attacker, the mouse and keyboard would be enabled. A timer with a deadline would be presented to get the victim to pay up.


Scareware uses social engineering techniques to persuade users that their machine has malware or has encountered another issue that necessitates immediate action. It presents a pop-up notice directing you to buy and install software to fix the problem, frequently with the logo of reputable security software. The software might only delete the message or have malware that can inflict more severe damage.

Why is Ransomware Spreading?

For several reasons, ransomware assaults and their variants quickly advance to defy protective solutions.

Malware creation tools are easily accessible and can be used to produce fresh malware samples quickly.
Using well-known, reliable generic interpreters, cross-platform ransomware is delivered (for example, Ransom32 uses Node.js with a JavaScript payload)
using novel methods, such as encrypting the entire drive rather than just specific files

Thieves of today don’t even need to be technologically sophisticated. Online markets for ransomware have sprung up, providing malware strains for any would-be cyberthief and bringing in additional revenue for the software creators, who frequently demand a part of the ransom money.

Why is it so hard to find people responsible for the ransomware attack?

It is challenging to find criminals and follow the money trail when anonymous cryptocurrencies like bitcoin are used for payment. Cybercrime organisations are developing ransomware strategies more frequently to get quick cash. Open-source code and drag-and-drop platforms that make it simple to generate ransomware have sped up the development of new ransomware variations and made it easier for beginner scripters to create their malware. Modern malware, such as ransomware, is frequently polymorphic by design, enabling hackers to get around signature-based security based on file hashes quickly.

How to Prevent a Ransomware Attack

Here are the main ways a business can protect itself against ransomware attacks.

Backup your data

Restoring data from a backup is the best method for recovering from ransomware. By recovering data from sources other than the encrypted files, backups get around the ransom demand. Because of this, hackers create ransomware that looks for backup files on the network. Even after recovering from a backup, the network must still be cleaned of the ransomware.

Keeping a copy of your backups elsewhere is an efficient technique to prevent malware from encrypting backup files. Most companies that want an offsite backup solution opt for cloud backups. You may protect a copy of your files from ransomware and other cybersecurity risks by using cloud backups.

Layered security framework

While a cloud backup can help you recover lost files and minimise downtime, it cannot replace appropriate security. In addition to firewalls, other security measures like encryption, MFA (multi-factor authentication), and endpoint protection are needed to fend off ransomware. A multi-layered technique is more efficient than a single-solution strategy that might have gaps.

Most crucial, this security software must be consistent and up-to-date because if it is, it will not be able to identify and stop ransomware. Also, partners may give organisations Microsoft 365 as a superb solution and safety net. It combines numerous security tools to provide businesses with the most recent security.

Train employees to be more attentive

Education is a further useful anti-ransomware tool. Workshops should be held often. Topics can include how to spot ransomware, the value of strong passwords, and the need for frequent password changes. Even outside security professionals can provide knowledgeable perspectives on cybersecurity. Employees are less likely to fall into a trap if you familiarise them with ransomware and what to watch out for.

Develop plans and policies

Create an incident response strategy to ensure your IT security staff is prepared for a ransomware outbreak. The system should specify the communication channels and responsibilities used during an attack. A list of contacts, such as any partners or vendors who need to be contacted, should also be included.

Is there a “suspect email” policy in place? If not, think about establishing a corporate policy. Forward the email to IT. This will assist in educating staff members on what to do if they get an email that raises questions.

How to Remove Ransomware

Paying the ransom is never acceptable. Cybercriminals are only encouraged to create more ransomware and deceive more people due to their success. Here are several methods for getting rid of ransomware.

Free decryptors: It might be feasible to recover some encrypted files by employing free decryptors. Using the incorrect decryptor increases the likelihood of further encrypting the files.
Remediation: Downloading a security programme with a reputation for remediation and running a scan to eliminate the malware are other options. Even while the files might not be able to be restored, the
Entire system restores: If screen-locking ransomware has seized control, a complete system restore may be necessary. Running a scan from a bootable USB drive or CD will help if this doesn’t work.
Negotiate: Negotiation is often the last resort for companies that have exhausted all other avenues for regaining access and are not advised. However, you should know that the ransom amount is frequently adjustable if you pay the ransomware. The contact information on the ransomware message might be used to negotiate with the attackers. Bitcoin is commonly used to pay a ransom. Though there is no assurance, hopefully, the attackers will let you decrypt your files when you pay the ransom.

Nick Roddick

Head of Production

Elpidoforos Arapantonis

Senior IT security manager at Volvo

Elpidoforos Arapantonis aka Elpis is Chief Product Security Officer at ecarx in Gothenburg, Sweden. He has academic background in electronics with M.Sc. degrees in distributed systems, as well as in information security. He has long experience working in projects around Autonomous Driving, and Advanced Driver-Assistance Systems in OEMs, from the cybersecurity point of view. His current focus is cybersecurity on infotainment systems as well as vehicles’ off board systems.

Anders Jared

CISO at Bravida

With decades in the area of security I now lead the IT and information security work within Systembolaget AB. This proactive engagement together with my background of analyzing security breaches in criminal investigations renders me a unique understanding of both threats and prevention possibilities in our digitalized world.

Anthony Herrin

Nordic Head of Cyber Underwriting at RiskPoint Group

Anthony has 15 years of experience in the insurance industry with roles within both broking and underwriting. He has focused on cyber risk and insurance since 2015 and is CISM certified. Whilst predominantly on the broking side at Aon, JLT and Marsh over the last few years, he has recently moved to an underwriting role at Riskpoint and will lead their team of Nordic Underwriters.

Bernard Helou

Head of IT Governance at Lendo Group

Bernard has 15 years experience in information security. He has been working as a
cybersecurity consultant to CAC40 companies in Paris for 9 years before taking internal roles as information security manager. From security awareness to data protection strategy or
contingency plans, he has a good overview of security best practices.

Moa Mörner


Moa Mörner is an experienced Data Protection Officer with a demonstrated history of working with questions concerning processing on a large scale of special categories of personal data, both for Controllers and Processors. She is skilled in data protection law, advising on strategic level as well as operative, assessments and recommendations, educating, and managing incidents of personal data breaches. Moa is strong advocate for making data protection and information security working together, when the perspective of the individual (data protection) and the perspective of the organization (information security) allows it.

Today Moa is Group DPO at SJ AB.

Jacqueline Jönsson

CISO at Danish Energy Grid

During my 20+ years in the security sector I have a good feeling about what works in practice and gives results and what doesn’t. The part that engages me most is integration of technical security with legal and financial aspects as well as people’s behavior.

Core skill is CISO work and guiding board members and executives about cybersecurity, operational resilience and business assurance.

Also advice on regulations, directives and practices for the financial services and energy sector.

Jonas Rendahl

CISO at Aurobay

My name is Jonas Rendahl and I work as CISO at Aurobay (Powertrain Engineering Sweden AB). I live south of Gothenburg with my wife and daughter.

I started my interest in computers and security at an early age. I have worked within IT since early 2000 but I have worked within many different industries and areas before that. Within IT I have worked with things like development, support, testing, management, audits, disaster and recovery, architecture, operational security and almost all aspects of security you can think of.

I have a keen interest in security and love the fact that it is such a dynamic and ever-evolving industry. From all of my experiences I have learnt that nothing is static and that all experiences are something to learn from.

I am a rather pragmatic person in such respect that I try to listen the organization’s needs and weigh that against potential risks and possible and plausible security measures. I am a firm believer in simplicity over complexity and in setting up the foundation for fruitful conversations by first defining the boundaries and basic concepts to ensure everyone understand each other.

Klas Themner

CISO/Deputy CEO at AMRA Medica

Klas Themner has, as AMRA’s Chief Information Security Officer, overall responsibility for the management of the company’s information security. Klas has been at AMRA since 2017, mostly in the role of COO, also keeping the role of deputy CEO. Before joining AMRA Medical he had 20+ years of experience as COO & CFO in a number of different listed medical device companies within advanced medical image processing and across all imaging modalities. Previously to Life Science, Klas spent 10 years with the Swedish defense industry. He has an engineering background and holds a PhD in Nuclear Physics from Lund University.

Lorena Carthy-Wilmot

Senior advisor in Digital Policing (DPA) at Lillestrøm police station

Former Head of the Forensic Technology Services Lab at PwC in Oslo. Now Senior Advisor in the field of Digital Forensics at the Norwegian Police, East District.


Future leader of cybersecurity sector at Einride

I'm a Senior Security Advisor within the IT/Telco domain with more than 25+ years in the industry.

Thea Sogenbits

CISO at Estonian Tax and Customs Board

Thea maintains tax secrecy of everyone in Estonia. As CISO of the Estonian Tax and Customs
Board she leads the security vision and information security management programme as well as the certified information security organization within the ETCB.

Her academic research focuses on the value chains and business models of professional
organized cross-border transnational cybercrime.

She trains and mentors military, public and private executives on hybrid defense and integration of next level defenses to organizational daily policies, practices and culture.

Thomas Evertsson

Head of IT security at DNB Bank

If you are looking for an efficient, Get the Job Done IT Manager with high ambitions then you've found the right person. I am inspired by a fast pace and successfully driving change, both organizational and technical. I see myself as a realistic optimist who is happy to share ideas and knowledge with others. Experience has taught me to be honest, cohesive and consistent, factors I see as important to success.

Tomi Dahlberg

Senior Advisor Cyber Security at State Treasury of Finland

My executive work, IT management and governance centric career started in 1976. I'm still passionate about these topics as they evolve all the time. Since 1984 I've worked in managerial and since 1988 in executive positions in business, academy and consulting (ABC). Business executive is my main career path.

I have worked in business executive positions in software (e.g. Unic), finance (e.g. Danske Bank), telecom operator (e.g. Elisa), nanotechnology, executive consultancy, and IT services. I have written 70+ publications both academic and practical as a part-time professor in business schools since the year 2000 . My research motive is to understand in depth issues that I conduct in business.

Executive work expertise areas: Corporate governance and board work, change management and leadership, strategy work & management, business models, business development, innovation management, finance.

IT executive expertise areas: governance and management of IT, OT, digital business and platform business, CIO/CDO work, IT service management, data management, business and IS development methods.

Benjamin Bauchmann

CISO at Ströer SE & Co. KGa

Speaking session - March 16th, 2023

Visibility is crucial: E-criminals will find your internet-facing assets you do not know much about

You can only protect the assets you know of, so it’s important to have a high visibility on all your internet-facing assets. Even more in times like these in which states/hackers/the bad guys try to cause havoc. They do not need to target you specifically, but they will find your assets, you do not know about.
Biography: If he had been in Troy then, the city would still be standing today. When it comes to security, most people rely on offerings to the IT gods. Not so Benjamin Bachmann, because he sees cyber security as a holistic issue that must consider and address the triad of people, organization and technology in equal measure. In other words, they form the foundation of a sustainable and livable security culture. An industrial engineer by training, he felt called to promulgate these early on on behalf of various consulting firms. Today, as Vice President Group Information Security at Ströer, he is responsible for the strategic security of the entire Group and develops implementable, useable and human-centered security concepts for the subsidiaries. Privately, he has been battling with his friends for years to see who can bake the best wholemeal sourdough bread, is on a sustainable journey and shows that cyber security is not dry-as-dust topic.

Tobias Ander

CISO at Örebro kommun

Speaking session - March 16th, 2023

Raising a cybersecurity culture! - Why is it so important?

Tobias will be delivering an insightful talk on how to comprehend the security implications of a futuristic security strategy. This talk will focus on the importance of incorporating the security function into crucial decisions, and will provide an overview of what such a strategy would look like. He will examine the emerging technologies in the field of security, and explore how they will influence the security strategies of tomorrow.
Biography: Tobias Ander got more than 20 years of experience in information security. Today he is CISO at Örebro Kommun, runs his own company Securebyme and recently released the book Informationssäkerhetskultur (Information security culture) in swedish. Tobias was awarded “This year’s GRC-profile” in 2017 for his commitment in Governance Risk and Compliance.

Ståle Risem-Johansen

CISO at Spare Bank

Experienced senior manager with 20+ within Energy sector as CIO and CISO. Chairman of the Board of Nationwide Security forum in Norway (Energy Sector) for 7 years. Confident with working with regulator and The Office of the Auditor General Strong relationship-builder always aiming to Learn more. If security is done the proper way it will become a business enabler. Currently hold the position as CISO in SpareBank 1 SMN – a part of SpareBank 1 alliance.

Raviv Raz

Cyber & AI Innovation at Ing

Speaking session - March 16th, 2023

How will AI impact CyberSecurity in near future

  • AI is gradually taking a prominent part in Cybersecurity
  • Recent developments in offensive AI pose, in a close future, threat to  conventional security measures, arming malicious hackers with a powerful  technology previously unavailable to the masses
  • Innovative Advancements on both sides of the force
  • Is AI going to help to save the security staffing shortage or lead to a dark future

Raviv has pioneered and disrupted several domains in Cybersecurity including:

  • Network Access Control
  • Web Behaviour Analytics
  • Programming Language Processing

As part of his R&D work in ING he co-founded the CodeFix and PurpleAI innovation initiatives: reducing false-positive alerts in application security testing and using AI in offensive security testing.
Specialising in Application Security, Raviv has blogged, lectured, appeared in the news and released open-source tools used by tens of thousands of hackers.

Including R.U.D.Y that appeared on the TV show Mr. Robot