with azbil
Trivia
Ransomware

Ransomware is a type of malware (malicious software designed to harm computers, servers, networks, etc.) that is used to demand a ransom. In recent years, the number of incidents has increased, and the methods have become more sophisticated and malicious.

Traditionally, it was common to encrypt data and restrict access, demanding a ransom in exchange for decryption. Recently, there have been various cases where data within a network is stolen, and threats are made such as “If you don’t pay the ransom, I’ll make your data public” or “I’ll notify your business partners that you’re under attack.” Additionally, organizations are being targeted regardless of their industry or size.
In the “10 Major Security Threats 2025” report by Japan’s Information-technology Promotion Agency, an independent administrative institution, ransomware was ranked as the top threat to organizations.
The attackers’ methods are sophisticated. The four most common are: vulnerability exploitation, where software vulnerabilities are used to infect computers with ransomware; unauthorized access, where computers are accessed through unintentionally exposed ports (data entry and exit points); email exploitation, where users are tricked into opening malicious attachments or clicking on links; and website exploitation, where websites are tampered with to trick users into downloading ransomware.
In one case, a logistics company was infected with ransomware through unauthorized access that exploited a vulnerability in remote connection devices. Both physical and virtual servers were encrypted, forcing operations to be halted for three days until data could be restored. In another, at an application development company, the infection spread from the data center servers, leading to the suspension of cloud services. Providing alternative apps and rebuilding the IT infrastructure resulted in significant costs.
Establishing an organizational structure is essential to combating ransomware. First, it is important to appoint a Chief Information Security Officer (CISO) and form a Computer Security Incident Response Team (CSIRT). Establish a response plan for the team in case of an infection and conduct regular training to ensure preparedness.
It is essential to continuously check whether appropriate security measures are in place for servers, clients, networks, and other systems. In particular, minimizing access rights to shared servers is a crucial point for risk reduction. It is also important to ensure that all employees are cautious about opening email attachments and clicking on links, and to avoid running software from unknown sources.
Since encrypted data is often difficult to decrypt, it is important to take measures such as keeping data backups disconnected from networks to enable the quick resumption of business operations.