It's late and the evening train is packed with commuters. Eager to get home, you hurry out the carriage at your stop, leaving the remaining people to jostle for the free space. In your haste, however, you drop your USB key. The man you sat next to you picks it up, curious to see how he can profit from his discovery.
How anxious does the scenario above make you? Do you have anything stored on your USB that a criminal could use to rob, blackmail or publicly embarrass you? I'd wager there's something valuable there. It could be personal or professional, but if it's easily accessible, it's vulnerable.
Whether its name is WannaCry, Petya or Mirage, ransomware is numerous these days, causing grief, frustration and financial losses wherever it strikes. Hardest hit are smaller organisations that lack a dedicated cybersecurity department.
Setting aside the technical side of ransomware attacks (to be addressed in a future blog-post) these attacks aim to infect backups and hard drives of a target organization with malware that makes data unreadable (encryption) for anybody but the holder of the unique secret decryption key. The hackers then proceed to extort a ransom from the victim in order to have the data restored. However ingenious these viruses may work once they have infected corporate IT systems, they all spread through the same means – peopIe.