Malware that encrypts a victim's files and demands payment (usually cryptocurrency) for the decryption key. Modern ransomware also threatens to publish stolen data if ransom isn't paid (double extortion).

What is Ransomware? | Privacy Glossary

Ransomware turns encryption—normally a privacy tool—into a weapon. Your files are encrypted with a key only the attacker has, and you must pay to get them back... maybe.

How Ransomware Works

Infection: Phishing, exploit, or download
Spread: Moves through network
Encryption: Files locked with strong encryption
Ransom note: Demands payment, usually crypto
Timer: Price increases or files deleted
Payment (maybe): Key provided (maybe)

Evolution of Ransomware

Early Ransomware

Weak encryption (crackable)
Simple payment methods
Individual targets

Modern Ransomware

Military-grade encryption
Cryptocurrency payment
Double extortion (encrypt + threaten to leak)
Ransomware-as-a-Service (RaaS)
Targets organizations for big payouts

Notable Ransomware

WannaCry (2017): Exploited Windows vulnerability, global impact
NotPetya (2017): Disguised as ransomware, actually destructive
REvil/Sodinokibi: Major RaaS operation
LockBit: Currently active, highly sophisticated

Should You Pay?

Arguments Against

No guarantee of decryption
Funds criminal enterprise
May be targeted again
Some ransomware is actually destructive

Arguments For

Sometimes only option
Business needs may demand it
Attackers have reputation incentive to decrypt

FBI Recommendation

Don't pay, but also understand each situation is different.

Protection

Prevention

Regular, offline backups (tested!)
Keep systems patched
Email filtering
User training
Network segmentation

Detection

Endpoint detection and response
Behavioral analysis
File integrity monitoring

Recovery

Restore from backups
No decryptor guarantees
Report to law enforcement
Check nomoreransom.org for free decryptors

What is Ransomware?