Become a Partner
Back to Resource Center

What is ransomware? | Ransomware Meaning

What is ransomware?

Ransomware can cause major financial damage but also disrupt your IT infrastructure. In this article, you can read everything about ransomware and how you can arm your company against it.

You often hear the word in films and series in which a kidnapping or hijacking takes place. You get something or someone back in exchange for money. In the case of ransomware, this is a digital scenario. When your company network is hit by ransomware, the computer systems within your company are held hostage by hackers. To make your files accessible again, the hackers ask you to pay a ransom. Another word for ransomware is ransomware.

Ransomware is a type of malware. Malware is malicious software that tries to interfere with a digital device. For example, it tries to get hold of sensitive information in the background or open a port in the device. When this port is opened, cybercriminals can access your device without you realizing it. Malware is spread over the network. This malware can disrupt your entire business process.

You must be well prepared for an imminent situation, such as a ransomware attack. Employees need to be aware of their responsibilities so that they can take the appropriate steps if the company is a victim of ransomware. In addition, it may be the case that you have taken out insurance in case you become a victim, or that you have made clear agreements with an IT partner.

Are you or is your organization a target for ransomware?

Almost any system can be infected with ransomware. It is therefore important that the software on a device is up-to-date. When you or your organization is running an outdated version of Windows or antivirus software, you are an easier target, the so-called low-hanging fruit for a hacker. This is because ransomware exploits security vulnerabilities.

Both large and small companies can fall victim to ransomware. Large companies are often the target because there is a lot to gain. In recent years we have seen a clear shift to smaller companies because they often have less well-organized IT infrastructure. In general, more and more large companies have pretty much boarded up, employ a CISO (Chief Information Security Officer) and set up an entire department for cyber.

Who is the target?

Ideally, the makers of a ransomware virus want the virus to end up at companies where a lot of money can be made. Unlike private individuals, companies often have more to offer, but government agencies or healthcare institutions are also wanted, victims. This includes large amounts of personal data or financial reports. Private individuals can also be valuable to cybercriminals. For example, there may be photos or videos on your devices that shouldn’t fall into the wrong hands.


How big is the threat of ransomware?

Ransomware can cause major damage. By encrypting the data on different devices, the entire business must be brought to a standstill. For example, you can no longer access important invoices or the payroll. As a result, payment arrears arise and employees can no longer be paid.

If you have a webshop, no more orders can be placed. In addition, customers and relations can lose trust in your company because they are afraid that their data has also been stolen. Or how about a logistics company that no longer knows what the schedule is for the trucks to be driven that morning? Not to mention your reputational damage. Drama quickly looms.


How are you affected by ransomware?

Ransomware can end up on a device in several ways. Cybercriminals are getting smarter, working together better, and finding new ways to spread the malware.


The most common ways ransomware spreads:

  • Distribution via a file.
  • Distribution via Software Leaks.
  • Dissemination through advertisements or links on a website.

When a system is infected, this system will help spread the ransomware. For example, messages with malicious files are sent from your e-mail address, without you realizing it. The ransomware can also spread within your internal network.

Image of a drawn hand holding a phone where phising is described

Social engineering

Spreading ransomware via email or social media is what we call social engineering. For example, when a company is infected with ransomware, emails are sent to customers containing malicious files called, for example, “invoice” or “proof of payment.” As you may have guessed, these are pseudonyms. Without realizing it, you opened the wrong file and downloaded ransomware. It is a devious way of distribution because it makes customers curious. For example, they are afraid that someone has hacked their account, so they would like to know what exactly is in the file


Another way of spreading is malvertising. In this case, the ransomware gets to your device through malicious advertisements. You can think of pop-ups on erotic websites, but also advertisements on YouTube, for example.

Exploit Kits

A device can also be infected by previously installed software. This includes illegal downloads of films and series. Some websites abuse outdated web browsers and software. When you are active on that website, the software is downloaded and installed without your knowledge.


We are always there for you, promise!

Register now for free and never stress about cyber crime again.

Start 14-day free trial

What are the characteristics of ransomware?

Ransomware is easy to spot.

Ransomware features at a glance:

  • The virus locks your files making them inaccessible
  • To unlock your files, cryptocurrency (e.g. Bitcoin) or a ransom is often demanded
  • Pop-ups appear on your screen with the threat that your files will be deleted
  • A timer will appear on your screen to increase the pressure
  • Computer is unusable
  • The computer gets infected through downloads, websites, or apps

Why is it so popular among cyber criminals?

Ransomware makes it easy for criminals to make money. It takes little time and work, and the chances of them getting caught are small. This is because these internet criminals are often part of organized gangs from China or Russia. They only spread the malware in the west and do not attack their own country.

When the police detect an internet criminal who spreads ransomware, it is often difficult to catch this person. This is because they are active from the west. Local governments of these countries often do nothing against these gangs.

Ransomware that left a big impact

To give you a better idea of ​​the damage that ransomware can do, we explain a number of major attacks.

Big known Ransomware

WannaCry has made many victims. The malware has damaged more than 10,000 businesses and more than 200,000 individuals across 150 countries. The malware infects computers through a leak in Windows. When the ransomware was defeated, there were over 1,000,000 victims.

Petya was active in Ukraine. That’s where it made 90% of its victims. In addition to Ukraine, the malware has also been active in the US, Lithuania, Brazil, Belgium, Russia and Belarus.

The name Locky may sound cute, but the malware certainly wasn’t. Locky went all over the world via email. Victims received a message about an order or invoice. After downloading a Word document you were instructed to enable macros. At this point, the malware was installed.

Cerber is a so-called toolkit that can be downloaded and distributed by anyone. Users can send emails with files to make victims. The malware works even when someone is offline. Cerber can block and thus hostage more than 400 different file types.

Covid-19 ransomware
Criminals took advantage of the panic during the Covid 19 outbreak. For example, the fear was acted upon by spreading dangerous e-mails about health. For example, think of information about vaccinations. Hospitals were also infected, the pressure on care made them easy victims.

How does ransomware extortion work?

Ransomware extortion can be divided into 4 levels. These levels can greatly increase the pressure on the victim.

Level 1 | single extortion

At this level, the data and files are locked. You must make a payment to regain access.

Level 2 | double extortion
This level is a lot more annoying. In addition to encrypting data and files, the criminals also threaten to make the data public if you do not pay. This can have major consequences for your company.

Level 3 | triple attack
At this level, in addition to taking the data hostage and threatening to make the data public, a DDos attack is also carried out. For example, the servers of your company or website are inaccessible for employees and customers.

Level 4 | quadruple attack
In a quadruple ransomware attack, the data is held hostage and customers and partners are notified. The hackers inform customers and partners that their data will be made public if they do not pay the requested amount of money. This puts enormous pressure on your company.

This is how cybercriminals work with ransomware attacks

Cybercriminals carry out targeted and untargeted attacks. In untargeted attacks, social engineering or malvertising is often used. Dangerous advertisements are placed on websites, or emails are sent with a dangerous attachment. They often got their hands on these e-mail addresses through a data breach.

Targeted attacks are often done by highly organized gangs. For example, they look at a company’s revenue to see how much the company has to spend. For example, they send emails to company employees, in these emails there is an attachment that contains the ransomware.

A ransomware attack described in steps:

  • The cyber criminals gain access to the network through phishing, poor security or a leak in the network.
  • They explore the network and try to get more and more rights.
  • The criminals infect the system with ransomware and other types of malware. They try to get their hands on sensitive information and backups.
  • When they have enough information in their hands, they strike and shut down the network. This process can sometimes take weeks to months.
  • Negotiations with the company are started, the data will become available again after paying crypto coins.

Limit damage with a backup

Cybercriminals love an online backup. When you are hit by ransomware, this backup is also held, hostage. It is therefore wise to keep these backups offline, or via another network. In this way, it becomes more difficult for internet criminals to hijack this data. In addition, it is wise to store all data on an external hard drive.

Disconnect from the network to protect other computers. Ransomware often spreads throughout the internal network. You can protect the other computers on the network by disabling the network connection. You can do this via the computer itself, or by removing the network cable, for example.

Restore files

To recover your company’s files, the easiest option is to pay the requested amount of money. Think carefully about this. Business interruption could have fatal consequences for a company, causing you to decide to pay. You can also contact an IT specialist, who will remove the ransomware and restore files from a backup.

Do you also want to better protect your company against ransomware? You can with Guardey. Sign up now for the free 14-day trial!

We are always there for you, promise!

Register now for free and never stress about cyber crime again.

Start 14-day free trial

Frequently Asked Questions

What is Guardey in short?

You just want to know what Guardey is, in a few lines, not scrolling through the whole website. We got you covered. Here you are:

Guardey focuses on three parts of your cyber security:

A safe and encrypted VPN connection via Guardey’s secure infrastructure or a Site-to-Site VPN.

We analyze information packages from the data going through the VPN tunnel, give clear insights into your data infrastructure, and provide alerts in case of threats like ransomware, viruses, and irregularities in your network.

Your cyber security is as strong as your weakest link. With Guardey, you can educate your whole team and increase awareness in a fun and efficient way through gamification.

It’s an advanced software as a service with applications for Windows and Mac OSX and an online platform for reporting and managing your teams and company policies.

How does the free trial works?

Your free 14-day trial with Guardey is based on our Basic plan. In our basic plan, all the alarms will only be available for yourself or your own company, and you manage the alarms in-house. We don’t need any payment information to start your trial, and you can invite as many users as you want.

The majority of SMEs don’t have an in-house IT department or a team of cyber security specialists. Therefore we also offer Guardey co-managed and Guardey custom. In both plans, you are able to connect Guardey to a preferred Guardy IT partner or, of course, your own IT partner.

They can semi or fully manage the alarms and the health of your infrastructure so that you can focus on your business.

After your 14 days of the free trial, you can decide if you want to continue with a paid plan. Upgrading during your trial period means you stop your trial and upgrade to a paid plan. You need a verified payment method to upgrade.

How can I pay after the trial period?

We don’t ask for any payment information to start your trial.

If you want to upgrade during or after your free trial to a paid plan, you can use one of the below payment methods:

  1. Credit cards (Visa, MasterCard, American Express, Maestro, PostePay, Cartes Bancaires)
  2. PayPal
  3. Direct Debit (iDeal SEPA)
Can I up- or downgrade to a different plan?

Yes you can! You can always upgrade immediately and costs are calculated pro-rata on your next invoice. A downgrade will be effective from your next payment period.

Want to ask more questions?
Get a personal demo

Get the latest resources & news, delivered directly to your inbox.

Anouk ter Harmsel

Let's protect your business!

  • Try completely risk free
  • 24/7 support
Start 14-day free trial
Hey, wait!

Before you go, let us offer you a free 14-day trial.