
What is Ransomware & How Can You Stop It?

September 17, 2021

Back to Basics: What is Ransomware? How Can You Stop It from Damaging Your Business?

Ransomware is the monster under the bed for cybersecurity teams. A favored tool of cybercriminals, ransomware is employed by nation-state threat actors as well as small-time gangs. This versatile weapon can be used to disrupt infrastructure like we recently saw with Colonial Pipeline as well as stop factory production, encrypt systems and steal data. An estimated 61% of organizations worldwide experienced a damaging ransomware incident in 2020, a 20% increase over the same period in 2019. A successful ransomware attack is inevitably an expensive, disruptive disaster, and the pace is not slowing down. Ransomware losses in 2021 are already up more than 300% over the same period last year, beating 2020’s record-setting pace.


Definitions: What is Ransomware?


This incredibly devastating form of malware is the preferred weapon of today’s cybercriminals including nation-state actors. Ransomware is intended to encrypt data and/or systems to prevent the victim from accessing those resources. In the most commonly used type of ransomware attack, bad actors encrypt the victim’s files and request that a ransom be paid to have them decrypted or recovered. Ransomware gangs generally demand payment in the form of Bitcoin (an untraceable digital currency). Ransomware can also be used to shut down factories, snarl or stop utilities, interfere with shipping and transportation, steal research and formulas and cause other harm.

What is Ransomware’s Basic Makeup?

Ransomware comes in an infinite number of varieties to suit every cybercriminal’s dream, but it generally conforms to one of two basic profiles in doing its dirty work. 

Crypto Ransomware 

Crypto ransomware encrypts data like files on a computer, making them unable to be accessed. Cybercriminals then offer to sell the victim the decryption key. This type of ransomware does not impact the machines it is used on, just the data.

Locker Ransomware

Locker ransomware makes devices unusable, like computers or machinery. The cybercriminals will offer to unlock the affected devices upon payment of the ransom. This is the type of ransomware typically used in infrastructure attacks or attacks against manufacturing targets. 

Ransomware usually starts as an email, carefully designed to trick the target into interacting with it. Once that target swallows the bait by downloading a file or clicking a link to a website, the ransomware infects your systems and starts doing its nasty work. Here’s the typical lifecycle of a ransomware attack:

  • Cybercriminals decide to target your company and plan to take your data and systems hostage.  
  • They use information gathered from many sources (including the Dark Web) to carefully craft a phishing email that will be especially appealing to your staff. 
  • The email makes it past your security and lands in your employees’ inboxes. 
  • One of your employees takes the bait, opens the email, and interacts with it by visiting a poisoned website or downloading a tainted attachment. 
  • The malicious payload infects that computer with a ransomware client that takes control of it. 
  • The infected computer then establishes a connection with the cybercriminals’ network to begin freezing your systems or encrypting your data.  
  • The cybercriminals contact you offering the encryption key that unlocks your systems and data – for a price, payable in cryptocurrency. 
  • You have two choices: Pay the ransom or restore your data and systems in another way.  


What is Ransomware’s Most Likely Mechanic?

Every cybercrime gang has its own secret sauce: its signature variety of ransomware. That’s a strong selling point for big cybercrime organizations when recruiting affiliates, because affiliates typically have access to the boss gang’s tech. But how that ransomware does its dirty work can have many variations.

Double Extortion 

Double extortion ransomware is a rising star as cybercriminals double down on their attacks to double their profits by requiring their victims to pay twice: once for the usual decryption code and a separate fee to not have the encrypted data copied by the gang. Practitioners of this tactic were responsible for more than 50% of all ransomware attacks in 2020.

Triple Extortion 

Triple extortion ransomware is beginning to gain popularity. Adding one more step to the traditional double extortion dance, triple extortion ransomware not only requires companies to pay for a decryption key and the return of their uncopied data, but it also includes a payment to avoid another damaging effect like a DDoS attack.

Targeted Ransomware 

Targeted ransomware is on-trend, and it is exploding. In this style of attack, bad actors don’t craft a spear phishing email designed to appeal to many targets; instead, they design a spear phishing email to lure in a few very specific targets, often executives or people with IT management or spending power in an organization, in order to increase the likelihood that the message makes it through security and doesn’t raise suspicion, even in the target.

Find an In-Depth Answer to the Question “What is Ransomware?”

Forewarned is forearmed when it comes to protecting businesses from ransomware. These resources can help you find answers to questions like “What is ransomware?” and “Is my business at risk of a ransomware attack?” (Spoiler Alert: Yes, it is.)


10 Ransomware Statistics That You Need to See

10 More Ransomware Facts That You Need to Know

10 SMB Cybersecurity Statistics That Every Business Owner Needs to See

What Happens If You Pay the Ransom?

Ransomware Attacks Endanger Infrastructure and the Businesses That Maintain It


Ransomware 101

This introductory guide is ideal for learning about the nuts and bolts of ransomware, what damage it can cause to a business and the basics of building a ransomware defense. You’ll love the breakdowns of how ransomware infects a business and what happens if your business is hit.


Ransomware Exposed!

Go a step further into the shadowy world of ransomware with an in-depth look at the evolution of new types of ransomware, the economics of ransomware on the dark web, who profits from ransomware and so much more, including key industry charts.


The Road to Cyber Resilience

Cyber resilience isn’t just a trendy new buzzword. It’s what separates businesses that will survive a cyberattack from businesses that will crumble. Learn how to keep your business humming in any conditions and how to increase your cyber resilience in this essential introductory guide.



4 Ways to Safeguard Your Organization from Dreaded Ransomware Attacks

How to Build Your Cyber Security Fortress Mini Guide

4 Ways to Safeguard Your Clients from Ransomware Attacks


Ransomware Fact & Fiction

Looking for the truth about common ransomware myths without in-depth reading? Here’s the TL;DR

Ransomware is a big business problem. My business is too small to be hit with a ransomware attack.

FALSE! Big business only made up 50% of all ransomware attacks between August 2020 and July 2021. 

The most likely way that my business will encounter ransomware is through email.

TRUE! An estimated 94% of ransomware arrives at businesses via email.    

Microsoft Office files are always safe to download or interact with.

FALSE! Almost 50% of infectious attachments that contain malware like ransomware are Office files. 

Over half of the businesses in the world were impacted by ransomware in 2020.

TRUE!  An estimated 61% of organizations worldwide experienced a damaging ransomware incident in 2020.

If we get hit with a cyberattack like ransomware we could go out of business fast.

TRUE! Unfortunately, 60% of companies go out of business within six months of experiencing a cyberattack.


US Federal Ransomware One Stop

On July 14, 2021, a joint action by the US Department of Justice (DOJ) and the US Department of Homeland Security (DHS) launched a new One-Stop website designed to help businesses reduce their ransomware risk and report suspected cybercrime to the appropriate authorities. The site includes resources and content from DHS’s Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Secret Service, the Department of Justice’s Federal Bureau of Investigation (FBI), the Department of Commerce’s National Institute of Standards and Technology (NIST), the Department of the Treasury and the Department of Health and Human Services. It is modeled on the format of other popular government One-Stop sites like Career One Stop. It aims to gather in one place all of the necessary federal resources that businesses need to increase their defense against ransomware and learn about the legal consequences that could ensue from an attack. Intended for use by organizations in myriad sectors like infrastructure, energy, food, healthcare and information technology, the site is packed with useful information and advice on how to steer clear of ransomware, plus what to do if you don’t.


Build a Powerful Defense Against Ransomware Without Breaking the Bank

An estimated 50% of IT leaders said that they don’t believe that their organization is ready to defend against a ransomware attack. Is yours? ID Agent can help make sure that businesses of every size are ransomware ready. Take action now to build a strong defense against ransomware with the powerful 1-2 punch of BullPhish ID and Passly.

Passly includes the functionality of 3 solutions in one affordable package, including:

  • Multifactor authentication (MFA) stops 99% of password-based cybercrime, and teamed up with single sign-on (SSO), this dynamic duo provides strong access control.
  • Simple remote management and secure shared password vaults make it easy for IT teams to respond quickly in an emergency to isolate a compromised account.
  • Automated password resets eliminate the constant wave of reset tickets, saving time, money and stress.

BullPhish ID is the streamlined, user-friendly solution to every training challenge, including:

  • A frequently updated library of plug-and-play phishing simulation kits that can be scheduled to run automatically.
  • Lots of options for customization and white labeling for everything from training content to access portals.
  • Simple, clear reporting that enables everyone to clearly see employee progress and measure the value of training.

Make sure that your business is taking a strong security posture against cybercrime threats like ransomware with the ID Agent digital risk protection platform including award-winning solutions Dark Web ID, BullPhish ID and Passly.

Contact one of our solutions experts today for a personalized demo and get started on your ransomware defense. 


Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

