Initially, ransomware criminals targeted personal computers. Now, they are focusing on government entities, nonprofit organizations and businesses of all sizes. For example, ransomware attacks have forced hospitals to turn away patients and gas pipelines to shut down, leaked confidential information at law firms and police departments, and left multinational manufacturers with no other option than to shut down manufacturing production.
Although schools, hospitals and government entities have been recent victims, no business is immune to these attacks. During the COVID-19 pandemic, ransomware criminals who focus on remote services and their vulnerabilities discovered a wealth of new opportunities thanks to work-from-home policies. That’s why it’s important to know how to identify ransomware attacks and to discover how you can protect yourself.
Ransomware is malware that attempts to prevents users from accessing data by encrypting it with a cryptographic key that is known only to the hacker1. The data — which is typically critical to business or system’s operations — is unusable until the victim pays a ransom. A pop-up message on the locked screen notifies the victim of the ransom’s terms. In some cases, the hacker threatens to sell the encrypted data.
Verizon estimates that in 2020, ransomware attacks accounted for 27% of all malware activity. This is a 20% increase from 20192. These attacks can result in:
Ransomware is openly marketed on the dark web. To best position their attack, crime groups penetrate networks to perform reconnaissance, which can intensify the impact on the victim and, consequently, potentially maximize the ransom. These attackers are professional, organized criminals, and according to PNC Enterprise Technology & Security, they use ransoms to continuously develop better attack tools and talent.
The FBI doesn’t recommend paying ransom to any criminals because:
A post-event investigation is also recommended. This will help to determine the mode of infection, strengthen your preventative controls and improve your incident response plan.
REMINDER: If you receive a suspicious email or text that claims to be from PNC, forward it to PNC Cyber Defense at firstname.lastname@example.org, and include background information in your email.
For more information, visit the Cybersecurity & Infrastructure Security Agency’s (CISA) Multi-State Information Sharing & Analysis Center.
The best defense is prevention. The tips below, while not all-inclusive, can help protect your business and personal devices from attack:
Attackers have many methods of delivering malware, including:
If you ever experience a ransomware attack, don’t panic, take these steps:
National Institute of Standards and Technology (NIST), "Small Business Cybersecurity Corner Glossary," accessed May 17, 2021, https://www.nist.gov/itl/smallbusinesscyber/cybersecurity-basics/glossary
2020 Verizon, “2020 Data Breach Investigations Report,” accessed May 17, 2021, https://enterprise.verizon.com/resources/reports/2020/2020-data-breach-investigations-report.pdf
These articles are for general information purposes only and are not intended to provide legal, tax, accounting or ﬁnancial advice. PNC urges its customers to do independent research and to consult with security, ﬁnancial and legal professionals before making any ﬁnancial decisions. This site may provide reference to internet sites as a convenience to our readers. While PNC endeavors to provide resources that are reputable and safe, we cannot be held responsible for the information, products or services obtained on such sites and will not be liable for any damages arising from your access to such sites. The content, accuracy, opinions expressed and links provided by these resources are not investigated, veriﬁed, monitored or endorsed by PNC.
Read a summary of privacy rights for California residents which outlines the types of information we collect, and how and why we use that information.