Ransomware is malicious software that hijacks user data and files. To do this, this malware, once it has access to a computer, searches for all office files, images, emails and archives, encrypts them, making access impossible, and deletes system backups.
Once all the user’s files have been blocked, there are 3 alternatives: reinstall the equipment and make use of a backup copy of the information. If it does not exist, you have to pay a ransom to the hacktivist group that is operating the ransomware with cryptocurrencies or assume the loss of information.
This is one of the reasons why the security of backup systems and their integrity must be periodically evaluated and tested.
Ransomware is a growing problem due to the impunity with which these groups act and since this is a highly lucrative activity, which allows them to professionalise their work and market Ransomware platforms as a service, or simultaneously infect all the systems of a company and steal information before executing the ransomware.
It is increasingly common that along with the ransom requested to recover the encrypted information, companies are also extorted to make internal or confidential information public.