What is Ransomware?
Ransomware is a type of malicious software (malware) that encrypts or blocks files or systems and then demands a ransom to restore access.
It is one of the most common and damaging forms of cyber attack, targeting companies, governments, healthcare institutions and industrial organisations alike.
🧠 How does ransomware work?
- 📩 Infection: via email attachments, malicious links, vulnerabilities or remote access (e.g. unsecured remote-access connections).
- 🔒 Encryption: the ransomware encrypts files or systems with a secret key.
- 💰 Demand: the attacker displays a message demanding a ransom (often in cryptocurrency).
- 🛑 Lockout: until payment, the system remains unusable; in some cases, attackers also threaten to leak data.
📦 Types of ransomware
| Type | Description |
|---|---|
| Crypto-ransomware | Encrypts files and folders |
| Locker ransomware | Blocks access to entire systems (no file access) |
| Doxware / Leakware | Threatens to publish data if not paid |
| Wiperware | Destroys data with no possibility of recovery |
🏭 Ransomware in OT/ICS environments
In industrial networks (with PLCs and SCADA, for example), ransomware can:
- Render operator interfaces, HMIs or historians unusable
- Disrupt production or logistics processes
- Block data visibility and control
- Indirectly disrupt pipes, pumps or machines
🎯 Well-known incidents: Colonial Pipeline (US), Norsk Hydro, Maastricht UMC, Hof van Twente (NL)
🔐 How to protect against ransomware
- Segmentation (such as network segmentation or the zones-and-conduits model)
- Backups stored offline (air-gapped)
- Updates and patch management
- Restrict remote access with a firewall and multi-factor authentication
- User training and phishing awareness
- Antivirus and EDR software
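As an added example (not part of the original page), this is the kind of correlation an EDR or file-integrity monitor can apply to the Encryption and Demand stages described above: many files rewritten with near-random content, plus the same new text file appearing in several directories. The thresholds, host names, paths and sample contents are constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Assumed thresholds for this example; tune against your own baseline.
ENTROPY_MIN = 7.5      # bits per byte; encrypted data approaches 8.0
MIN_HIGH_ENTROPY = 3   # high-entropy writes per host per window
MIN_NOTE_DIRS = 2      # directories receiving the same new low-entropy file

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect(events):
    """events: (host, path, content) file writes seen in one time window.
    Compressed files are high-entropy too, so both signals must coincide."""
    high = defaultdict(set)                          # host -> high-entropy paths
    copies = defaultdict(lambda: defaultdict(set))   # host -> (name, digest) -> dirs
    for host, path, content in events:
        directory, _, name = path.rpartition("/")
        if shannon_entropy(content) >= ENTROPY_MIN:
            high[host].add(path)
        else:
            copies[host][(name, hashlib.sha256(content).hexdigest())].add(directory)
    alerts = {}
    for host, paths in high.items():
        for (name, _), dirs in copies[host].items():
            if len(paths) >= MIN_HIGH_ENTROPY and len(dirs) >= MIN_NOTE_DIRS:
                alerts[host] = {"high_entropy_files": len(paths),
                                "repeated_file": name, "directories": len(dirs)}
    return alerts

def random_like(seed: bytes, blocks: int = 128) -> bytes:
    """Constructed stand-in for ciphertext: 4 KiB of SHA-256 output."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(blocks))

# Constructed sample telemetry (hypothetical hosts, paths and contents).
NOTE = b"CONSTRUCTED SAMPLE: files locked, payment demanded.\n"
SAMPLE_EVENTS = [
    ("hmi-01", "/data/recipes/a.db", random_like(b"a")),
    ("hmi-01", "/data/recipes/b.db", random_like(b"b")),
    ("hmi-01", "/data/trends/c.csv", random_like(b"c")),
    ("hmi-01", "/data/recipes/READ_ME.txt", NOTE),
    ("hmi-01", "/data/trends/READ_ME.txt", NOTE),
    ("eng-ws-02", "/home/op/export.zip", random_like(b"z")),
]
```

Calling `detect(SAMPLE_EVENTS)` flags only `hmi-01`; the single archive saved on `eng-ws-02` is high-entropy but does not meet either threshold.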
📌 In summary
Ransomware is a serious threat to digital and industrial systems, with attackers demanding money in exchange for access to data or systems. Preventive measures, detection and a sound recovery policy are essential for protection.
