GLOSSARY / Ransomware
What is Ransomware?
Malware that encrypts a victim’s files (and often steals them first) and demands payment for the decryption key.
Ransomware operators typically gain access via phishing, exposed RDP, or unpatched vulnerabilities, move laterally to maximize impact, exfiltrate data for double extortion, then deploy the encryptor across the network.
Ransomware-as-a-Service (RaaS) lets affiliates rent the malware and infrastructure, splitting profits with the developers — which has industrialized these attacks.
Maintain offline, tested backups; patch internet-facing systems fast (check the CISA KEV catalog); segment networks; and enforce MFA on remote access.
Related free tools
Related terms
Part of the Ciphers Security glossary. Free reference for analysts, defenders & learners.