Most businesses are likely familiar with ransomware—a type of malware that criminals use to extort organizations by encrypting data and holding it hostage until a digital ransom payment is made.
Ransomware is a considerable challenge for businesses: In 2021, ransomware attacks led to a reported $49.2 million in losses, according to the Internet Crime Report from the FBI’s Internet Crime Complaint Center (IC3).
Understanding the anatomy of a ransomware attack can help organizations better prepare against these threats. If you know how the ransomware lifecycle unfolds, it may be easier to mitigate risks before potential widespread disruption can occur.
It can take as little as three days for ransomware to infiltrate and infect systems. This ransomware playbook flowchart outlines the different stages of an attack, so you know where to improve defenses and implement strong controls and policies.
The network is compromised by a phishing email, exploit or worm.
Once inside, the ransomware establishes a connection with the attacker's command and control server to receive instructions.
Still undetected, the malware continues to set the stage for its attack by stealing credentials and gaining access to more accounts across the network.
The ransomware searches for files to encrypt—both on the local workstation and on any networks it has gained access to through lateral movement.
Cybercriminals begin to exfiltrate and/or encrypt local and network files. The attacker demands payment to have them decrypted or released back to the business.
The ransomware threat landscape evolves rapidly. Keeping up to date on trends can help improve planning and incident response. Here are some overarching trends to keep in mind:
Protecting against ransomware means planning for major disruptions across the full scope of your IT infrastructure. Here are some best practices that can help you build protections and a response plan:
If you suspect you’re the target of a ransomware attack, reach out to JPMorgan Chase. It’s important you do not make a ransom-related payment through your JPMorgan Chase account unless we provide written advance approval for you to process such a payment. This includes payments that do not originate from your account but may originate from your intermediaries using accounts with JPMorgan Chase.
To further protect your organization, download our ransomware preparedness guide from our fraud solutions page with added insights and best practices.
Reach out to your relationship banking team to talk more about cybersecurity and fraud planning.
© 2022 JPMorgan Chase & Co. All rights reserved. JPMorgan Chase Bank, N.A. Member FDIC. Visit jpmorgan.com/cb-disclaimer for disclosures and disclaimers related to this content.