Ransomware: How to Start Fighting It

by | Jul 3, 2023 | BLOG

Ransomware is malicious software used by hackers to encrypt and lock data on systems and devices, demanding a ransom payment to return access. Want to know how to deal with this menace? Read our text to the end.

In recent years, it has become more expensive and riskier for hackers to execute ransomware attacks, as IT managers have strategies in place to prevent these scams from succeeding. For this reason, malicious actors carry out attacks with higher demands.

To give you a sense, the average payout for ransomware in Q4 2021 is up 130% to $322,168, according to Coveware data.

But anyone who thinks that only large companies are targets of cybercriminals is wrong: according to recent information from the insurance company Coalition, there has been a 40% increase in successful attacks against small and medium-sized organizations, with consumer goods and healthcare being especially targeted.

What’s more, according to a survey by Rapid7, the most frequently leaked data is financial (63%), followed by customer and patient data (48%).

With that in mind, we have prepared this article to show you how to combat ransomware and its consequences. To facilitate your reading, we have divided our text into the following topics:

1. What is ransomware?

2. How does a ransomware attack work?

3. What is the first action you should take in case of a ransomware attack?

4. What is the most common solution to a ransomware attack?

5. About senhasegura

6. Conclusion

Enjoy your reading!

 

1. What is ransomware?

Ransomware is a type of malware used by malicious attackers to lock and encrypt data on a particular computer or device and demand a ransom payment to restore it.

Victims are often pressured to pay the ransom within a certain period of time, at the risk of permanently losing access to their files. According to a TrendMicro study, 50% of ransomware victims pay the ransom within 20 days of infection. It is worth remembering, however, that even after payment, organizations affected by malicious software may not regain access.

With ransomware, files such as documents, financial data and photographs remain stored on the victim’s computer, but inaccessible, as the device is encrypted.

 

2. How does a ransomware attack work?

To carry out a ransomware attack, attackers gain access to a computer or device and encrypt the files stored on it, which blocks access to them.

This usually occurs when victims download malware via email attachments or malicious links, thus being blocked from accessing files stored on their devices. This type of occurrence can result in major financial losses, such as the interruption of a company’s operations.

Despite the ransom demand, nothing guarantees that access will be returned after payment. Hence the importance of avoiding this type of attack and knowing how to proceed if your organization is targeted by cybercriminals.

 

3. What is the first action you should take in case of a ransomware attack?

There is a set of actions to take in case of a ransomware attack. They are:

 

  • Isolate affected devices

If you suspect that you are the victim of a ransomware attack, your first action should be to isolate the computers you suspect are infected, to avoid compromising other devices.

Therefore, it is critical to disable Wi-Fi and Bluetooth and disconnect equipment from any device to contain the spread of ransomware and prevent it from communicating with hackers.

At this point, it is important to keep in mind that the ransomware may be inactive on another system, so all connected machines need to be treated as a potential ransomware vector and shut down.

 

  • Identify which ransomware affected the infrastructure

After isolating the infection, the next step is to identify which ransomware has affected your infrastructure. This way, you can understand how it spreads, what types of files it targets, and what the removal options are, if any.

To know what type of ransomware you are dealing with, you can rely on sites like ID Ransomware and No More Ransom.

 

  • Contact authorities, including personal data protection agencies, if applicable

Reporting ransomware attacks to the authorities is one way to avoid paying the ransom and to allow the authorities to understand who they are dealing with, how the hackers accessed your system, and how to stop them.

With this, it is possible to prevent attackers from claiming new victims and to keep the attack from harming your company's reputation. To file a report with the FBI, use the Internet Crime Complaint Center (IC3) website.

 

  • Restore backup data

Some sites and software promise to remove ransomware from your system, but there is no consensus on whether they can completely remove an infection, since whenever a decryptor appears, new ransomware appears.

However, in case of ransomware infection, it is recommended to restore the system or completely restart it, reinstalling all files. In this sense, the ideal is to have an efficient backup strategy, which allows you to have copies of all documents, media and files.

 

  • Apply the Incident Response Plan

Finally, to combat a ransomware attack, it is essential to have an Incident Response Plan, which makes it possible to analyze the threats faced by the organization, in addition to identifying potential attacks and defining their scope.

The Incident Response Plan also involves isolating affected systems, eliminating malicious software, publicizing the attack, recovering the environment, and applying lessons learned to deal with future situations.
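
For the identification step above, an added example (not part of the original article and not senhasegura code): a read-only Python triage that gathers what an analyst needs before consulting an identification service, namely the extension appended to encrypted files, a few sample files and candidate ransom notes. The entropy threshold, the list of compressed formats and the rule that a note repeats in at least three folders are assumptions; run it against a mounted copy of the isolated device.

```python
import math
import os
import sys
from collections import Counter, defaultdict

ENTROPY_MIN = 7.5      # bits/byte; assumed cut-off (encrypted data approaches 8)
MIN_BYTES = 1024       # shorter reads give unreliable entropy estimates
NOTE_MAX_BYTES = 64 * 1024
NOTE_MIN_DIRS = 3      # assumed: a ransom note is dropped in several folders
# Formats that are high-entropy when healthy (assumed, non-exhaustive list).
COMPRESSED = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4", ".pdf"}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage(root: str, sample_limit: int = 3) -> dict:
    """Read-only walk of root; returns candidates for an analyst to review."""
    suffixes = Counter()          # last extension of high-entropy files
    samples = defaultdict(list)   # extension -> a few example paths
    note_dirs = defaultdict(set)  # small low-entropy file name -> folders
    for folder, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in COMPRESSED:
                continue
            path = os.path.join(folder, name)
            try:
                size = os.path.getsize(path)
                with open(path, "rb") as fh:
                    head = fh.read(65536)
            except OSError:
                continue          # unreadable: skip, never modify evidence
            if len(head) >= MIN_BYTES and entropy(head) >= ENTROPY_MIN:
                suffixes[ext] += 1
                if len(samples[ext]) < sample_limit:
                    samples[ext].append(path)
            elif size <= NOTE_MAX_BYTES:
                note_dirs[name].add(folder)
    top = suffixes.most_common(1)[0][0] if suffixes else None
    notes = sorted(n for n, d in note_dirs.items() if len(d) >= NOTE_MIN_DIRS)
    return {"extension": top, "samples": samples.get(top, []), "ransom_notes": notes}


if __name__ == "__main__":
    print(triage(sys.argv[1] if len(sys.argv) > 1 else "."))
```

The results are candidates only: legitimate files that repeat across folders can show up as notes, so review them before submitting anything.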


 

4. What is the most common solution to a ransomware attack?

One of the most effective solutions to prevent a ransomware attack is PAM (Privileged Access Management), which grants each user only the access they need to perform their tasks, protecting their privileged credentials and reducing the attack surface.

In addition, it is also strongly recommended to have a palliative plan, which includes cyber insurance, capable of repairing financial losses generated by the action of a malicious attacker.

 

5. About senhasegura

We at senhasegura are part of the MT4 Tecnologia group, and we are committed to providing cybersecurity and digital sovereignty to the companies that hire us.

We currently serve institutions in 54 countries, acting against data theft and tracking actions on servers, databases, network administrators and devices in general.

With this, we are able to provide efficiency and productivity to organizations, as we avoid interruptions to their activities due to expiration, in addition to ensuring compliance with audit criteria and standards such as PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA through PAM.

 

6. Conclusion

In this article, we've shown you what ransomware is and how to start fighting this threat. If you liked our content, share it with someone who is interested in the topic.

 

 
