Ransomware

Malware that encrypts a victim's files or systems and demands payment (ransom) in exchange for the decryption key or to prevent data publication.

Also known as: Crypto Malware, Extortion Malware

What is Ransomware?

Ransomware is a type of malicious software that encrypts a victim's files or locks their system, demanding payment (usually in cryptocurrency) to restore access. Modern ransomware often includes data theft and threats to publish stolen information.

Ransomware Types

Crypto Ransomware

  • Encrypts files
  • Most common type
  • Demands payment for the decryption key

Locker Ransomware

  • Locks the user out of the device or desktop instead of encrypting files
  • Typically a screen locker; the data underneath is usually intact
  • Less common now

Double Extortion

  • Steals (exfiltrates) data first, THEN encrypts
  • Threatens publication on a leak site
  • Pressure remains even when the victim can restore from backups

Triple Extortion

  • Adds DDoS attacks against the victim's services
  • Contacts the victim's customers, partners or patients directly
  • Maximum pressure

Attack Vectors

  • Phishing emails (malicious attachments, or links to credential theft or malware loaders)
  • Exposed RDP and VPN services with weak, reused or stolen credentials (brute force, credential stuffing)
  • Unpatched vulnerabilities in internet-facing software (VPN appliances, file-transfer servers)
  • Supply chain attacks (compromised software updates or managed service provider tooling)
  • Malvertising leading to trojanized installers

Notable Ransomware Families

  • LockBit (ransomware-as-a-service; infrastructure seized by law enforcement in February 2024, but affiliates continued)
  • ALPHV/BlackCat (ransomware-as-a-service; ceased operations in 2024)
  • Clop (known for mass exploitation of file-transfer software)
  • Royal
  • REvil (inactive)

Prevention

Technical Controls

  • Regular backups (offline or immutable copies, with restores actually tested)
  • Patch management, prioritizing internet-facing systems
  • Endpoint protection (EDR with behavioural detection, not signatures alone)
  • Network segmentation to limit lateral movement and spread
  • Email filtering

Operational

  • Security awareness training
  • Incident response planning (a written playbook, rehearsed before it is needed)
  • Access controls (MFA on all remote access, least privilege, no shared local admin passwords)
  • Monitoring and detection (mass file renames, canary files, unusual outbound transfers that signal exfiltration)

Response Considerations

Don't Pay

  • Funds criminal operations
  • No guarantee of recovery (decryptors are often slow or buggy) and no guarantee stolen data is deleted
  • May be targeted again
  • Payment to a sanctioned group can itself be unlawful (US OFAC guidance)

Recovery Options

  • Restore from backups (only after verifying they are intact and predate the intrusion)
  • Decryption tools (if available; check the No More Ransom project before paying)
  • Professional assistance (incident response and negotiation specialists)
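Before restoring, a practitioner wants to know the backup set is still what was written at backup time and was not itself reached by the ransomware. The following is an added example, not code from the original page: a Python check that compares each file against a SHA-256 manifest kept offline and, where a hash mismatches, uses byte entropy to distinguish an ordinary edit from ciphertext-like content. The file names, contents and manifest are constructed here, and pseudo-random bytes stand in for real ciphertext.

```python
"""Pre-restore backup integrity check (added example, constructed data).

Two questions before restoring from a backup set:
  1. is each file byte-identical to what was written at backup time (SHA-256 manifest
     kept offline, so the ransomware could not rewrite it alongside the data), and
  2. for anything that changed, does it look like ciphertext (byte entropy near the
     8 bits/byte maximum) rather than an ordinary edit?
"""
import hashlib
import math
import random
from collections import Counter

ENTROPY_SUSPECT = 7.5   # bits/byte; encrypted or compressed data sits close to 8


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def build_manifest(files):
    """Computed when the backup is taken and stored out of band (offline/immutable)."""
    return {name: sha256(data) for name, data in files.items()}


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def verify_backup(manifest, files):
    """Map each file name to 'ok', 'missing', 'modified', 'suspect_encrypted' or 'unexpected'."""
    report = {}
    for name, digest in manifest.items():
        data = files.get(name)
        if data is None:
            report[name] = "missing"
        elif sha256(data) == digest:
            report[name] = "ok"
        elif shannon_entropy(data) >= ENTROPY_SUSPECT:
            report[name] = "suspect_encrypted"
        else:
            report[name] = "modified"
    for name in files.keys() - manifest.keys():
        report[name] = "unexpected"      # e.g. a ransom note dropped into the backup tree
    return report


def safe_to_restore(report):
    """Restore only when every manifest entry verifies and nothing extra appeared."""
    return all(status == "ok" for status in report.values())


# Constructed sample data: a clean backup and its manifest.
PLAINTEXT = b"Quarterly budget: revenue 120000, costs 95000, headcount 14.\n" * 60
CLEAN_BACKUP = {"q1-budget.txt": PLAINTEXT, "notes.txt": b"meeting notes\n" * 40}
MANIFEST = build_manifest(CLEAN_BACKUP)

# The same backup after the ransomware reached the share: one document overwritten
# with ciphertext-like bytes (deterministic pseudo-random stands in for real
# ciphertext) and a note dropped beside it.
_rng = random.Random(1)
TAMPERED_BACKUP = dict(CLEAN_BACKUP)
TAMPERED_BACKUP["q1-budget.txt"] = bytes(_rng.getrandbits(8) for _ in range(len(PLAINTEXT)))
TAMPERED_BACKUP["README_TO_RESTORE.txt"] = b"Your files are encrypted. Contact us to recover them.\n"

if __name__ == "__main__":
    report = verify_backup(MANIFEST, TAMPERED_BACKUP)
    for name, status in report.items():
        print(f"{status:18} {name}")
    print("safe to restore:", safe_to_restore(report))
```

The manifest only helps if it lives where the ransomware cannot reach it (offline media, object storage with object lock, or a write-once log); a manifest stored next to the backups would simply be encrypted along with them. The entropy test is a heuristic: already-compressed formats (zip, jpeg, docx) also score near 8, so a hash mismatch, not entropy alone, is what should block the restore.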

Reporting

  • Law enforcement (FBI via IC3 in the US, or the national equivalent)
  • CISA
  • Cyber insurer (most policies require prompt notification)