Learn more about Ransomware & other threats to your data

The rise of ransomware is causing enormous global damage infecting over 121 million companies per year and therefore costing individuals and companies billions.


What Is Ransomware?

Malware that locks your device/data

Ransomware is defined as vicious malware that locks users out of their devices or blocks access to files until a sum of money or ransom is paid. Ransomware typically gets installed on a user’s workstation (PC or Mac) using a social engineering attack where the user gets tricked in clicking on a phishing link or opening an attachment.

Malware that locks your device/data

How does ransomware work?

Locking valuable files

Once ransomware is on a victim's computer, it automatically searches for files that it encrypts while spreading its reign of havoc to associated networks (putting entire companies at risk for a single breach). When a victim attempts to access one of these encrypted files they are blocked and are given directions as to how to pay the ransom to unlock the files. Ransoms (ranging from hundreds to millions of dollars) are often paid using hard to trace cryptocurrencies like Bitcoin. Businesses that are infected with ransomware, are often plagued with temporary or permanent loss of sensitive or proprietary information, often catastrophic disruption operations, hefty expenses incurred restoring files and systems, and harm to an organization’s reputation when news of the hack is undoubtedly released/leaked to the press.

Locking valuable files


Recovery Possible?

Unfortunately, once files are encrypted, the only way to get them back is to restore a backup or pay the ransom. However, new ransomware variations are now often corrupting unsecured backups before the victims know what hit them. In addition, 40% of victims who pay a ransom never get their data back-would you trust a criminal? With Ransom Data Guard, not only are backups secured against attacks, but your files are hidden so they are not locked in the first place. This proactive approach keeps your data safe.

View a list of ransomware victims
Recovery Possible?

Protecting Against Ransomware

Are you ready for a ransomware attack?  The question is not if you will be attacked, but when.

Are you backing up?

Backup your data. Assuming you have backups available, recovering from a ransomware attack is as simple as wiping and reimaging an infected computer (something Ransom Data Guard can do with 1-click).  Given its pivotal nature, it is key that data backups are stored on a secured cloud server with multiple-factor authentication and high-level encryption.  Local backup redundancies should also be in place.

Are you protecting your data?

Once ransomware takes hold of your computer and its files, reversing the attack can be an arduous task if not prepared.  Using solutions like Active Cypher’s Ransom Data Guard and File Fortress (built to secure business data), one can protect their data making it invisible to ransomware and encrypted end-to-end.

Learn about File Fortress

Is your computer updated?

Patch and update your software. Ransomware often relies on exploit kits to gain illegal access to a computer or network. As long as your computer’s software is up-to-date, exploit-based ransomware (e.g. GandCrab) can’t hurt you.  Outdated and obsolete software should also be avoided as vulnerabilities will persist.  While zero-day threats will continue to exist, automatic updates help keep you ahead of others.

Know thy enemy

Ransomeware to know

Meet some of the most infamous ransomware variants


As its name suggests, WannaCry’s unfortunate success has led to much grief.  Starting in May 2017, WannaCry has infected over 300,000 computers in practically every country in the world by taking advantage of an unpatched Microsoft Windows vulnerability (MS17-010).  While a patch was released, some estimate millions of computers remain vulnerable.

Discovered at the end of 2018, GandCrab is part of Ransomware-as-a-Service (RaaS) deployment and has quickly become a very commonly seen ransomware threat.  The developers of GandCrab that they were retiring after the ransomware made $2 billion in total, netting them $150 million personally.


Sodinokibi is allegedly distributed by attackers affiliated with those that distributed the infamous GandCrab ransomware. Perhaps hinting to a level of state-sponsorship, Sodinokibi avoids infecting computers from Iran, Russia, and other countries that were formerly part of the USSR.


Despite its name, RobbinHood ransomware is not stealing from the rich to give to the poor. Instead, the malicious code which is gaining popularity in the black hat worlds, targets enterprise and critical government infrastructure, feeding ransom to itself.


Types of Ransomware

Discover the different permutations of ransomware and how they could infect your computer.


A common rogue security software/tech support scams often seen with a pop-up message claiming that malware was discovered and the only way to get rid of it is to pay up. If the victim does nothing, they’ll continue to be plagued with annoying pop-ups, but their files will remain essentially safe.

Screen Lockers

When lock-screen ransomware infects a computer, the victim will be frozen out of their PC entirely. Upon starting up their computer, a window will appear, often paired with a fake US Department of Justice or FBI seal stating illegal activity has been detected on their computer and demanding a fine be paid

Encrypting Ransomare

By far the most feared and common form of ransomware. Once within your computer, the victim’s files are encrypted and a demand for payment is made. Unless the ransom is paid, retrieval of the files is impossible (but remember 40% of  victims do not receive their documents back even after paying a ransom).

Learn More


Ransomware unfortunately a growing threat.

check 67% Of ransomware is delivered by email¹

check 151.9m Number of 2019 Breaches²

check 40% of victims who pay never regain access to their data.³

check $75 Billion Yearly cost of ransomware to businesses⁴

check 75% of companies infected with ransomware were running up-to-date endpoint protection.⁵

check 50% of a surveyed 582 cybersecurity professionals do not believe their company is ready to repel a ransomware attack.⁶

Statista¹  SonicWall²  IDC Report³  Datto⁴  Sophos⁵  Pwnie Express⁶

Already ransomed? See list of available decryptors.


History of Ransomware

Born in the early days of computing, the use of ransomware has exploded since the WannaCry attacks in 2017.

Early Days

The first known ransomware was PC Cyborg (aka AIDS), developed in the late 1980s. PC Cyborg encrypted all files in the C: directory after 90 reboots, subsequently demanding the victim renew a license by sending $189 by mail to PC Cyborg Corp. The encryption used was simple enough to reverse, so it was not seen as a major threat and was not widely utilized.

The Rise of Encryption

In 2013, CryptoLocker re-introduced to the world encrypting ransomware. CryptoLocker used advanced encryption paired with remote key storage, to make it virtually impossible for victims to get their data back without paying hefty ransoms. This type of encrypting ransomware is widely used today, as it’s proven to be an incredibly profitable scheme for cybercriminals. Large scale outbreaks of ransomware, such as WannaCry and Petya, used encrypting ransomware to prey on individual victims and businesses across the globe.

Newest Threats

Criminals behind the Sodinokibi ransomware (an alleged offshoot of the infamous GandCrab) have increasingly used managed service providers (MSPs) to spread malware. In mid-2019, hundreds of dental offices around the U.S. found they could no longer access their patient records. Attackers used a medical records software company (the MSP), to directly infect over 400 dental offices using the 3rd party software.

Read the full history


Frequently Asked Questions

The simple answer is no.  While some anti-virus solutions protect against older versions of ransomware, this protection is done “after the hack”.  The only way to defeat ransomware is to not allow it to take hold of your files in the first place.

Ransom Data Guard takes a proactive approach to defending against ransomware by ensuring that your data always remains safe.  Unlike other solutions, Ransom Data Guard does not operate “after the hack” nor require user interaction / IT oversight.

Ransomware has become an enormous business perpetrated by both organized crime and nation-state actors.

Organized criminals are motivated by extorting as much money as possible. Increasingly they distribute their malware as ransomware kits that anyone can use – even if they don’t have much technical expertise. The ransomware as a service (RaaS) model sadly has been very effective at spreading their malicious software. The criminals facilitate the payments and decryptions while taking a percentage of the collected ransom.

Nation-states have utilized ransomware as a revenue source and as a manner to disrupt the economic and governmental well-being of their rivals.  The large resources a nation-state has at its disposal to mount such attacks is especially disruptive.

The majority of popular ransomware strains utilize such strong encryption that decrypting files is unfortunately not possible.  In limited cases, older ransomware families (Rakhni, Agent.iih, Aura, and a few others) have decryptor’s available.

With Ransom Data Guard, you don’t need to worry about ransomware even taking a hold in your computer, let alone encrypting your data.  Protection is automated and far-reaching.  Ransomware is deflected.

Send any questions via our Support Form.  Our team will reach back ASAP!

Every 5 Seconds There Is A Ransomware Attack

40% of victims who pay a ransom never regain access to their data. Don't be a victim.

Join Waiting List