100% Free Forever
AI-Powered Learning
Industry Expert Content
Certificates & Badges
Learn At Your Own Pace
Cybersecurity

Ransomware

BeginnerConcept7.1K learners

Ransomware is a type of malware that encrypts a victim's files or systems and demands payment, usually in cryptocurrency, in exchange for the decryption key needed to restore access.

Definition

Ransomware is a type of malware that encrypts a victim's files or systems and demands payment, usually in cryptocurrency, in exchange for the decryption key needed to restore access.

Overview

Ransomware is one of the most financially damaging categories of Malware in use today. After gaining access to a system — commonly through Phishing emails, exploited unpatched vulnerabilities, or compromised remote access credentials — the ransomware encrypts files across the victim's systems and network shares using strong encryption, then displays a ransom note demanding payment for the decryption key. Modern ransomware operations frequently use "double extortion": before encrypting files, attackers first exfiltrate sensitive data, then threaten to publish or sell it publicly if the ransom isn't paid, adding pressure beyond simply restoring access to encrypted files. Many ransomware groups now operate as "Ransomware-as-a-Service" (RaaS), where the malware's developers lease their tools and infrastructure to affiliate attackers in exchange for a cut of the ransom proceeds, dramatically lowering the technical skill required to launch an attack. Defending against ransomware relies on layered controls: Endpoint Detection and Response (EDR) tools to detect and block encryption behavior in progress, regular offline or immutable backups so encrypted data can be restored without paying, prompt patching of exploited vulnerabilities, and employee training to reduce successful phishing attempts. Security agencies generally advise against paying ransoms, since payment funds future attacks and provides no guarantee that stolen data won't still be leaked or that decryption will actually work. Ransomware has evolved from opportunistic attacks against individual consumers into large-scale, targeted operations against hospitals, municipal governments, and large enterprises, where the disruption of critical operations creates enormous pressure to pay quickly, making it one of the most significant ongoing threats tracked by Threat Intelligence teams worldwide.

Key Concepts

  • Encrypts victim files and demands payment, typically in cryptocurrency
  • Frequently gains initial access via phishing or unpatched vulnerabilities
  • Double extortion combines encryption with data-theft and leak threats
  • Ransomware-as-a-Service (RaaS) lowers the barrier to launching attacks
  • Best defended with layered controls: backups, EDR, patching, and training
  • Security agencies generally advise against paying demanded ransoms
  • Has evolved from opportunistic consumer attacks to targeted enterprise campaigns

Use Cases

Understanding the primary threat driving modern incident response programs
Justifying investment in immutable, offline backup strategies
Informing employee phishing-awareness training programs
Shaping EDR and endpoint hardening priorities to detect encryption behavior
Guiding executive decision-making around ransom payment policy
Assessing third-party and supply-chain risk from ransomware exposure

Frequently Asked Questions