Malware is an umbrella term used for any form of malicious software, irrespective of its purpose, function or consequences. In contrast, a virus is a particular kind of malware that can self-reproduce by inserting its code into other programs. As soon as an ‘infected’ file or application is opened, the virus is activated and may delete information, encrypt data and/or disable entire systems.

Malware spreads in a network when it is opened, downloaded or installed on different devices or systems. Once the malware has attached itself to various files and folders, it will overwrite the data within. One of the most common techniques hackers utilise to spread malware are phishng emails.

Ransomware is a common form of malware whereby the victim’s access to important files or systems is obstructed until they pay a specified sum of money to the criminal behind the cyberattack. A ransom may also be demanded to stop the hacker sharing stolen data with the public. Decryption keys will only be returned once the ransom has been paid, often with untraceable cryptocurrency.

You can make the mistake of infecting your device with ransomware by clicking a link, opening an email attachment, downloading an application or file, or even simply visiting a website. As soon as the code has loaded onto the device, it may restrict access to the entire device, its folders or files. More sophisticated ransomware can also affect attached drives and networked devices.

A data breach is a security violation whereby private and protected information is accessed or disclosed without its owner’s permission or awareness. Therefore, a ransomware attack is considered a data breach if the information was extracted in this way before being encrypted.

Yes, ransomware can encrypt files that have been encrypted on a device or file level, be they on a single computer or sophisticated system.

If you have been targeted by a ransomware attack and do not pay the hacker their requested amount by a specified deadline, then your files may be erased forever. Consequently, it’s important that you follow the below steps as soon as possible: 

1. Disconnect infected devices from the network.
2. Contact IFW Global on 1300 439 456 for an urgent consultation so that we can investigate the malware attack. Our expert team will advise on the most effective recovery plan and prevention techniques to avoid further data loss. 
3. Refrain from attempting any DIY data decryption, which has the potential to hamper subsequent recovery efforts.

Data recovery may be possible depending on the complexity of the ransomware attack. Successful retrieval relies on the type of hardware affected, payload executed, and actions taken in response to the attack.

At IFW, we perform each malware investigation with a proactive and adaptable approach, developing a tailored response strategy to help you maximise the likelihood of successful data recovery.

According to The State of Ransomware 2021 report, the average total cost of a ransomware attack has risen over 100% in a single year, reaching US$1.85 million in 2021. 

Potential expenses include:

• The ransom payment, which in 2021 averaged US$170,404;
• Data recovery attempts;
• Operational and technical measures to protect against follow-up attacks;
• Production downtime and loss of revenue;
• Forensic investigation; and
• Staff and user training.

Yes, our intelligence reports can serve as evidence in Court in most developed countries. To determine whether IFW can provide admissible evidence for your case, please contact our investigators today.