
Ransomware

Malicious software that encrypts your files and demands payment for the decryption key, often combined with threats to publish stolen data.

Ransomware is a type of malware that encrypts files on your device or network, making them inaccessible until you pay a ransom (usually in cryptocurrency). Modern ransomware groups often use “double extortion”: they encrypt your data and threaten to publish it publicly if you don’t pay.

How Ransomware Gets In

  • Phishing emails: The most common vector. An employee clicks a malicious link or opens an infected attachment.
  • Exploited vulnerabilities: Attackers exploit zero-day vulnerabilities, or disclosed vulnerabilities in software that has not been patched.
  • Compromised credentials: Attackers use stolen passwords (often from credential stuffing) to access remote desktop or VPN systems without 2FA.
  • Supply chain attacks: Malware delivered through compromised software updates from trusted vendors.

The Cost Beyond Ransom

Even if you don’t pay, the damage is severe:

  • Business downtime (average: 21 days to full recovery)
  • Data loss if backups are also encrypted
  • Regulatory penalties under the nDSG for failing to protect personal data
  • Reputation damage with clients and partners
  • Mandatory 24-hour reporting to BACS for critical infrastructure operators

How to Protect Against Ransomware

  • Backups: Maintain offline or immutable backups. Test recovery regularly.
  • Encryption: Encrypt sensitive data at rest so exfiltrated data is useless to attackers.
  • Endpoint protection: Modern antivirus that detects ransomware behavior, not just signatures.
  • Network segmentation: A firewall and proper segmentation limit how far ransomware can spread.
  • 2FA: Prevents attackers from using stolen credentials to move laterally.
  • Patch management: Close known vulnerabilities before attackers exploit them.
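
What “detects ransomware behavior, not just signatures” can mean in practice, as an added example (not code from this page or from any product): a heuristic that flags a process when it overwrites many distinct files with high-entropy data inside a short window. The event format, the thresholds and the sample telemetry are assumptions constructed for illustration.

```python
import math
import os
from collections import Counter, defaultdict

ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off (encrypted data is close to 8.0)
BURST_THRESHOLD = 5       # assumed: distinct files hit by one process inside the window
WINDOW_SECONDS = 10.0     # assumed sliding-window length


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for plain text, near 8 for ciphertext."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def flag_processes(events):
    """events: (timestamp, pid, path, bytes_written) tuples sorted by timestamp.
    Returns the pids that wrote high-entropy content to at least BURST_THRESHOLD
    distinct files within WINDOW_SECONDS."""
    recent = defaultdict(list)   # pid -> [(timestamp, path)] of high-entropy writes
    flagged = set()
    for ts, pid, path, data in events:
        # A single high-entropy write is normal (archives, media); only bursts count.
        if shannon_entropy(data) < ENTROPY_THRESHOLD:
            continue
        hits = [(t, p) for t, p in recent[pid] if ts - t <= WINDOW_SECONDS]
        hits.append((ts, path))
        recent[pid] = hits
        if len({p for _, p in hits}) >= BURST_THRESHOLD:
            flagged.add(pid)
    return flagged


def sample_events():
    """Constructed sample telemetry, not real data."""
    text = b"Quarterly report: revenue, costs and outlook for the board.\n" * 70
    events = [(float(i), 100, f"/home/a/doc{i}.txt", text) for i in range(8)]  # editor saving text
    events.append((3.0, 200, "/home/a/photos.zip", os.urandom(4096)))  # one archive, no burst
    events += [(20.0 + i * 0.5, 300, f"/srv/share/file{i}.docx", os.urandom(4096))
               for i in range(8)]   # rapid random-looking overwrites across a share
    return sorted(events, key=lambda e: e[0])


if __name__ == "__main__":
    print("flagged pids:", flag_processes(sample_events()))
```

Signature matching would see nothing here, because no file content is compared against known samples; the alert comes only from what the process does.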

Ransomware in Switzerland

Swiss SMEs are increasingly targeted because they often lack dedicated IT security teams but hold valuable data. The BACS reported a significant increase in ransomware incidents targeting Swiss healthcare, municipal, and financial organizations in 2025.
