Ransomware is becoming increasingly targeted and disruptive, with a direct effect on business interruption costs. Ransomware is a type of malware that locks the data on a victim's computer, typically by encryption, and demands payment before the ransomed data is decrypted and access is returned to the victim. Payment is often demanded in a virtual currency, such as Bitcoin, so that the cybercriminal's identity remains unknown.

Ransomware can be spread through malicious email attachments, infected software apps, infected external storage devices and compromised websites.

In one well-known targeted attack, a Norwegian aluminium smelting giant fell victim to a difficult-to-detect strain of ransomware known as “LockerGoga”, through which cyber criminals gained access to the company’s networks. The company was forced to stop production at many plants across Europe, causing severe business interruption losses. The decision about whether or not to pay a ransomware or extortion demand continues to be influenced by how well an organisation has backed up its data, and the potential business interruption that may result.
