Ransomware

A single careless click, a single downloaded attachment—and your data could be lost forever. Ransomware is one of the biggest cyber threats of today and can affect anyone. How does it work, how can you defend against it, and why paying the attackers might not be the solution?

2 Mar 2025 Threats

Ransomware is malicious code that, once executed, encrypts all data on the device, causing the user to lose access to it. The decryption key is held solely by the attacker. After completing the encryption process, ransomware displays a message stating that the data is now inaccessible or unreadable, and the only way to recover it is by paying a ransom—usually in cryptocurrencies. The demanded amount is typically adjusted based on the victim's financial capabilities. For individuals, it ranges from thousands to tens of thousands of Czech crowns, while for companies, it can reach significantly higher sums.

Types of Ransomware

Ransomware has several variants that differ in their function and methods of extorting victims. The two basic types are cryptors and lockers.

Cryptors encrypt data and demand a ransom for their decryption but do not interfere with the functioning of the computer.

Lockers block access to the entire device, often by locking the operating system.

A special category consists of wipers, which go even further—the attacker demands a ransom, but even if the payment is made, the data is irreversibly deleted. This type of ransomware is often associated with hacktivists who are not seeking financial gain but aim to achieve their political or activist objectives.

How Does Ransomware Spread?

And it takes very little. A single careless click, opening a fraudulent email, or downloading an infected file—and ransomware can take control of your device. Human error is one of the most common entry points for attackers who pose as trusted individuals or institutions and spread fake phishing emails [1]. These emails contain malicious links or attachments embedded with ransomware.

Another common method of distribution is unpatched software vulnerabilities. If users do not perform regular system updates, ransomware can exploit security gaps to infiltrate the device. The key to protection is caution when handling emails and regular software updates, which minimize the risk of infection.

This type of malware often spreads to other connected devices as well, potentially crippling entire networks. This represents a serious threat to large organizations, companies, hospitals, or schools that rely on the functionality of their computer systems.

Something more?

Want to see what a ransomware warning from attackers looks like on a device? Browse our gallery.

Ransomware attacks, unfortunately, do not spare the Czech Republic either. According to data from the National Cyber and Information Security Agency (NÚKIB), a record number of cyberattacks were recorded in October 2024—a total of 47, of which nine were ransomware attacks [2].

2020

One of the most serious ransomware cases in the Czech Republic was the attack on the University Hospital in Brno, which disrupted its operations during the critical period of the pandemic in 2020 [3].

2022

The Ministry of Transport was also targeted, and the malware caused extensive system outages. The attack crippled, for instance, digital communications, leading to limitations in the office's agenda [4].

2023

A year later, the University of Defence in Brno became the target, where a hacker group subsequently published stolen data that had been exfiltrated by the ransomware [5].

2025

A significant incident was also the ransomware attack on the Cadastre Office in Slovakia, which paralyzed access to important property information for several days [6].

How to Prevent Ransomware?

If all preventive measures fail and ransomware encrypts your data, not all is lost. Regular and thorough backups of all critical data can help prevent devastating consequences. Masaryk University offers its users several such backup services and storage options. All employees, students, and other users can use these services for free. In addition to these services, you can, of course, also use other backup options provided by tech giants such as Microsoft, Apple, and Google.

Backup Is Not Enough: How Can Ransomware Affect Your Cloud Storage?

Although data backup is a key step in defending against ransomware, this measure alone is not foolproof. If files get encrypted, this problem can automatically spread to synchronized storage. In other words—if your computer is infected and ransomware overwrites your files, it is possible that the cloud service will save these encrypted versions, causing you to lose access to your backed-up data as well.

A solution can be file versioning, which allows you to restore older versions of documents that have not yet been encrypted. Masaryk University provides its students and employees with free access to OneDrive storage, where file versioning is enabled by default.

For data protection to be truly effective, it is recommended to combine different backup methods—regular offline backups (e.g., to an external drive that is not constantly connected to the network) along with the versioning features of cloud storage. This way, in the event of a ransomware attack, it is possible not only to restore the data but also to minimize the risk of its permanent loss.
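The difference between plain synchronization and versioned storage described above can be shown with a small model. This is an added example, not code from the article or from any university service: `MirrorStore`, `VersionedStore` and the entropy thresholds are hypothetical and do not represent the OneDrive API.

```python
import math
import os
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

class MirrorStore:
    """Plain sync: every upload replaces the previous copy."""
    def __init__(self):
        self.files = {}
    def sync(self, name, data, when):
        self.files[name] = data

class VersionedStore:
    """Sync with versioning: every upload is kept together with its timestamp."""
    def __init__(self):
        self.history = {}  # name -> [(when, data), ...], oldest first
    def sync(self, name, data, when):
        self.history.setdefault(name, []).append((when, data))
    def restore_before(self, name, cutoff):
        """Newest version uploaded strictly before `cutoff`, or None."""
        older = [d for t, d in self.history.get(name, []) if t < cutoff]
        return older[-1] if older else None
    def first_suspicious_upload(self, threshold=7.0, jump=2.0):
        """Earliest upload whose entropy is high and rose sharply versus the prior version."""
        hits = []
        for versions in self.history.values():
            for (_, prev), (t, cur) in zip(versions, versions[1:]):
                if entropy(cur) >= threshold and entropy(cur) - entropy(prev) >= jump:
                    hits.append(t)
        return min(hits) if hits else None

def demo():
    # Constructed sample data: two text documents, then an overwrite with
    # random bytes standing in for the encrypted copies that get synced.
    docs = {"thesis.txt": b"Chapter 1. Introduction. " * 200,
            "grades.csv": b"id,points\n123456,42\n" * 200}
    mirror, versioned = MirrorStore(), VersionedStore()
    for store in (mirror, versioned):
        for name, data in docs.items():
            store.sync(name, data, when=100)
            store.sync(name, os.urandom(len(data)), when=200)
    cutoff = versioned.first_suspicious_upload()
    restored = {n: versioned.restore_before(n, cutoff) for n in docs}
    return mirror.files, cutoff, restored, docs
```

The entropy jump only helps to locate the moment of encryption for files that were low-entropy to begin with; compressed formats such as ZIP or JPEG are already close to 8 bits per byte, so the restore point should be confirmed by timestamp.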

Ingenuity of Attackers

Attackers, however, are resourceful and well aware of backups. Therefore, they have adapted their methods and, in the case of large targets, have begun to use double and triple extortion. In double extortion, besides encrypting data, they also threaten to publish it. Triple extortion goes even further—beyond the leak of sensitive information, attackers often carry out DDoS attacks that disrupt service operations or inform third parties (such as clients or business partners) about the breach, thereby putting the victim under even greater pressure.

Incident Reporting

If you encounter ransomware in the MUNI environment, report the incident here immediately. If you come across this malicious code elsewhere, do not hesitate to contact the police. It is also important to note that although paying the ransom may seem like the quickest solution, there is no guarantee that the attacker will actually decrypt the data after receiving the payment. Therefore, both the MU Cybersecurity Team and the NÚKIB cybersecurity authority strongly recommend not paying the ransom.

 

One of the most serious ransomware attacks targeted the Colonial Pipeline, which supplied approximately half of the gasoline on the East Coast of the USA [7]. Following the attack, the pipeline's operations had to be shut down, leading to the declaration of a state of emergency by the U.S. government. In this case, an unusual situation occurred—the ransom was actually paid to the attackers with the consent of the police. Although it is often claimed that cryptocurrencies are anonymous, this incident demonstrated that they can be traced. Thanks to cooperation between investigators, the majority of the paid amount was recovered, which could serve as a significant precedent in the fight against cybercriminals and ransomware itself.

Final word 

Ransomware represents a serious threat that can cripple not only individuals but also entire companies and organizations. As real cases from the Czech Republic and abroad show, the damage caused by cyberattacks can have far-reaching consequences. Prevention in the form of regular backups, caution when opening emails, and the use of security measures is the key to protecting your data.

Want to learn more about how to effectively protect your device and data from cyber threats? Try our online course, Cybercompass, where you’ll discover how to identify phishing emails, properly back up data, and protect yourself not only against ransomware but also against other risks of the digital world.
