Ransomware
Ransomware is a type of malware that encrypts a victim's files or locks them out of their systems, demanding a ransom payment in exchange for the decryption key or restoration of access.
Ransomware is one of the most financially devastating forms of cyberattack. When ransomware infects a system, it encrypts files using strong cryptographic algorithms, rendering them inaccessible to the victim. The attacker then demands payment, typically in cryptocurrency, in exchange for the decryption key. Modern ransomware operations have evolved into a double-extortion model where attackers also exfiltrate sensitive data before encryption, threatening to publish it if the ransom is not paid.
Ransomware is commonly delivered through phishing emails containing malicious attachments or links, exploitation of vulnerabilities in internet-facing services (such as RDP or VPN appliances), and supply chain compromises. Once inside a network, ransomware operators often spend days or weeks performing reconnaissance, escalating privileges, disabling security tools, and moving laterally to maximize the impact of encryption. This human-operated approach has replaced the automated, spray-and-pray tactics of earlier ransomware campaigns.
The ransomware landscape is dominated by the Ransomware-as-a-Service (RaaS) model, where ransomware developers provide their malware and infrastructure to affiliates who carry out attacks in exchange for a percentage of ransom payments. Notable ransomware families and incidents include WannaCry, NotPetya, REvil, Conti, LockBit, and the Colonial Pipeline attack, which disrupted fuel supplies across the eastern United States.
Preventing and mitigating ransomware requires a comprehensive approach: maintaining offline, tested backups is the most critical defense. Organizations should also implement network segmentation, restrict administrative privileges, keep systems patched, deploy EDR solutions, enable multi-factor authentication, monitor for suspicious activity, and develop and regularly test an incident response plan that includes ransomware-specific playbooks. Law enforcement agencies generally advise against paying ransoms, as payment does not guarantee data recovery and funds criminal operations.
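One concrete form the "monitor for suspicious activity" advice can take is a behavioural heuristic for the encryption phase: a single process rewriting many files with high-entropy (ciphertext-like) contents in a short window. The following is an added example written for this page, not code from any product or vendor; the file-write events, process names and paths are constructed, and the thresholds (7.0 bits/byte, 5 writes in 10 seconds) are illustrative assumptions a real deployment would tune against its own baseline.

```python
import math
import os
import random
from collections import Counter, defaultdict

# Extensions where high entropy is normal (already compressed or encrypted by design),
# so writes to them are skipped to keep false positives down. Illustrative list.
COMPRESSED_EXTS = {".jpg", ".png", ".zip", ".7z", ".gz", ".mp4", ".pdf"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: ~8.0 for encrypted/compressed data, ~4-5 for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def flag_suspicious_processes(events, window_s=10.0, min_writes=5, entropy_min=7.0):
    """events: iterable of (timestamp_s, process, path, written_bytes).
    Returns {process: max number of high-entropy writes seen inside one window}
    for every process that reached min_writes; an empty dict means nothing flagged."""
    by_proc = defaultdict(list)
    for ts, proc, path, data in events:
        if os.path.splitext(path)[1].lower() in COMPRESSED_EXTS:
            continue
        if shannon_entropy(data) >= entropy_min:
            by_proc[proc].append(ts)
    flagged = {}
    for proc, times in by_proc.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window_s:
                start += 1
            count = end - start + 1
            if count >= min_writes:
                flagged[proc] = max(flagged.get(proc, 0), count)
    return flagged


# Constructed sample: seeded so the run is reproducible.
_rng = random.Random(7)
CIPHERTEXT_LIKE = _rng.randbytes(2048)                    # stands in for an encrypted file body
PLAINTEXT_LIKE = b"Q3 revenue summary: growth 3.1%\n" * 64  # ordinary document save

SAMPLE_EVENTS = [
    (100.0, "wordproc", "/srv/share/finance/q3.docx", PLAINTEXT_LIKE),   # benign save
    (101.0, "filemgr", "/srv/share/photos/team.jpg", CIPHERTEXT_LIKE),   # media: skipped
] + [
    (105.0 + i * 0.2, "unknown", f"/srv/share/finance/file{i}.docx.locked", CIPHERTEXT_LIKE)
    for i in range(8)                                                    # burst of rewrites
]
```

Run `flag_suspicious_processes(SAMPLE_EVENTS)` to see only the bursting process reported; in practice the event source would be an EDR or file-audit feed, and the alert should trigger containment steps from the incident response playbook rather than stand alone.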