Skip to content

Term of the Week: Ransomware

What is it?

Malicious code that encrypts files on a computing device, enabling an attacker to demand a ransom from the legitimate owner to recover the encrypted data.

Why is it important?

Numerous high-profile ransomware cases – including the May 2017 WannaCry ransomware attack that struck at least 50 organizations(WannaCry 2017) – have occurred over the last several years, involving medical centers, police departments, and government organizations. These occurrences show the negative impact ransomware can have on an organization’s operations and finances.

Why does a business professional need to know this?

Symantec’s 2017 Internet Security Threat Report(Symantec 2017) notes, During 2016, ransomware was one of the most significant threats facing both individuals and organizations. Another disturbing trend noted in this report is that the average ransom amount continues to trend upwards with a 266% increase between 2015 (US$294) and 2016 (US$1,077).

Both Symantec’s report and Verizon’s 2017 Data Breach Investigations Report(Verizon 2018) predict a continued upward trend in ransomware attacks, their sophistication, and the amount of ransom demanded. Thus, the ransomware threat is not fading away anytime soon.

The potential impact of a successful ransomware attack is enormous for any organization that depends on digital/electronic data or systems to conduct business.

To reduce the risk of a ransomware attack, organizations should consider best practice defenses such as the following:

These best practices can help lessen the negative consequences on operations and revenue that a successful ransomware attack can generate. Business professionals must communicate with decision makers in the organization regarding the risks and consequences of a ransomware attack on the organization.


  • (WannaCry 2017) WannaCry ransomware attack: Wikipedia. Describes the May 2017 WannaCry ransomware attack and provides details about the attack, the alleged attackers, the response, and the affected organizations.
  • (Symantec 2017) Internet Security Threat Report (2019): Symantec (2019). Digicert. Infographic. Discusses website vulnerabilities, attack types, and covers the estimated costs of responding to cyber attacks. Updated 5/16/2019.
  • (Symantec 2018) Internet Security Threat Report (2018): Symantec (2018). Report covering known cyberattacks during 2017. Includes useful statistics, infographics, and links to ancillary materials. Registration required.
  • (Verizon 2018) 2018 Data Breach Investigations Report: Verizon (2018). PDF. Detailed analysis of 53,000 cybersecurity incidents in 2017, including 2,216 confirmed data breaches.

About Dave Kartchner

Photo of Dave Kartchner

Dave Kartchner has been a cybersecurity professional for more than 15 years both in private industry and with the US Army Reserve. He has an extensive background in computer forensics and incident response, including threat hunting, threat intelligence, penetration testing, and security operations. He holds undergraduate and graduate degrees from Brigham Young University and Boston University. He currently works as a senior computer forensic engineer at Silicon Valley Bank in Santa Clara, CA.

Term: Ransomware



Leave a Reply