• Contact Us
  • Select a Location
    Close Location Selection

    Current Location:

    Let us know the location you'd like to browse.

    Select a Location

What Is Ransomware?

Businesses fall victim to ransomware every year—often resulting in a loss of productivity and revenue. Find out how Cox Business MalBlock® and our Security suite protects your most critical data and keeps your business running.

The meaning or definition of ransomware is a type of malware that uses encryption to hold a user’s valuable data hostage until a ransom is paid. It’s often designed to take over an entire network with the intent to paralyze an organization. A cybercriminal will typically demand money, forcing organizations to either pay the ransom or lose their most critical data. Find out how ransomware works and how to protect your business from falling victim to this damaging online threat.

What Does Ransomware Do?

Ransomware encrypts an organization’s critical data, blocking users from accessing their database, applications and files. Once the ransomware has infected a device or network, the cybercriminal responsible for deploying it will contact the user demanding a payment be made in exchange for the data. Organizations that fall victim to ransomware will have three options: pay the ransom, attempt to remove the malware or accept data loss. Ransomware attacks can affect both individuals and entire organizations.

How Does Ransomware Work?

This is how ransomware typically works to infect a device:


  • A cybercriminal deploys an attack on your device, typically through a spam email attachment, phishing scam or Trojan horse.
  • After the ransomware is activated on a device, it releases a malicious binary used to search and encrypt valuable files, such as applications, files, photos and databases.
  • The ransomware may also spread to other devices in the network through shared drives, servers or chat messages.
  • Once the files are encrypted, the malware stays on the device until a ransom is paid.
  • Typically, users are given a set amount of time to pay the ransom before the files become permanently lost.

Types of Ransomware

New types of ransomware are constantly emerging, but some of the most popular are:


CryptoLocker is one of the oldest forms of cyber-attacks, where hackers encrypt a user’s most valuable data without interfering with computer functions. Typically, a user will be able to see their data, but won’t be able to access it until the ransom is paid.


In 2017, WannaCry was a ransomware attack that exploited a security vulnerability in Windows. It was created by the National Security Agency and spread by the Shadow Brokers hacker group. Over 230,000 computers worldwide were infected, and it caused roughly $4 billion in financial damage. Users were locked out of their devices and asked to pay a ransom in Bitcoin.

Bad Rabbit

Mostly organizations in Russia and Eastern Europe were infected with this strain of ransomware. Bad Rabbit is installed using a fake Adobe Flash installation on compromised websites.


Crysis ransomware spreads through malicious email attachments and encrypts files on fixed, removable and network drives.


One of the most destructive types of ransomware, Jigsaw encrypts a file and begins deleting data on an hourly basis until a ransom is paid. Typically, users are given 72-hours before all their data is deleted.


This ransomware is designed to lock a user out of their computer until a ransom is paid. It’s spread through an email disguised as an invoice. When the attachment is opened, the invoice is deleted and the user is directed to enable macros to be able to read it, tricking the user to activate Locky.

How to Remove Ransomware

Once ransomware has infected a device, an organization will have several options for ransomware removal and data recovery:


  • Pay the ransom and hope the data is returned
  • Attempt to remove the malware using a decryption tool
  • Restore backup data—organizations that back up their data externally or utilize a cloud backup service can retrieve information saved before the network was infected

How to Detect Ransomware

Ransomware can be extremely difficult to detect. Cybercriminals tend to use advanced techniques to install military-grade encryptions onto devices. Once it infects a device, the ransomware will spread quickly through the network, making it hard to respond in time. An organization often won’t be aware of the ransomware until after it has already encrypted the data and made itself known by demanding a ransom.


Some common signs of a ransomware attack include:


  • Abnormal file system activity—such as many failed file modifications
  • An increase in CPU and disk activity without being prompted by the user
  • Files have been renamed without the user’s knowledge
  • Inability to access files, data and application
  • Suspicious network communications, typically deployed by the cybercriminal

How to Protect Against Ransomware

By taking preventative measures, you can help protect your business from the crippling effects of ransomware. Cox Business MalBlock offers company-wide cyber security that can help uncover threats before they even reach your network. Businesses using Cox MalBlock automatically receive malware protection for all devices connected on their network. Get the protection your business needs within minutes.

What can Malblock do for your business?

Find out how our customized solution can protect your business against cyber-attacks.

Related Articles

The best offense against Trojan horses is a good defense. Find out how to safeguard your business.

Learn how Cox Business MalBlock helps protect botnets from invading computer networks.

Have Questions?