Ransomware is a form of malware used by hackers to extort users by hijacking their assets or resources. Hackers can encrypt users’ data and change configurations to make their assets or resources inaccessible, and then demand ransom from users in exchange for decryption key or system restoration upon payment. The main forms of extortion include encrypting files, locking screens or systems, and posing data disclosure threats. Ransomware mainly spreads through phishing emails, malware-hosting websites, vulnerabilities, remote intrusion, supply chain and mobile devices. 

    As indicated in the 2020 Overview of China’s Internet Security Landscape recently released by CNCERT, ransomware continued to grow with more than 781,000 cases being detected in 2020, a 6.8% increase compared to 2019. The first half of 2021 has witnessed a series of major ransomware attacks. For example, on March 20, a Taiwan-based computer manufacturer - Acer - suffered a REvil ransomware attack, which was demanded to pay 50 million US dollar; on May 7, Colonial Pipeline, an American oil pipeline company, was hit by Darkside, a major ransomware attack, causing shutdown of liquid fuel operations across the east coast of the U.S.; on May 26, a large Chinese real estate company's 3TB of data was stolen and encrypted by REvil ransomware and on May 31, the same ransomware attacked the world’s largest meat supplier JBS, leading to suspension of all its meat production in Australia. 

    CNCERT provide this Guide that can help organizations, ICT professionals and Internet users to understand ransomware incidents and how to prevent it and take response actions accordingly.

   Attachment:  Report ( Download)