What is Ransomware Defense?
Strategies and practices for preventing, detecting, and recovering from ransomware attacks that encrypt your data and demand payment.
Ransomware encrypts your files and demands payment for the decryption key. It's the most financially impactful cyber threat.
Prevention
- Keep all software updated (patches close exploitation routes)
- Don't open unexpected email attachments
- Use a reputable antivirus/endpoint protection
- Disable macros in Office documents
- Implement least-privilege access
- Segment networks to limit lateral movement
Recovery
- Offline backups: The single most important defense. Maintain regular, offline backups that ransomware can't reach.
- 3-2-1 rule: 3 copies, 2 different media types, 1 offsite
- Test restores: Verify backups actually work before you need them
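The recovery checks above can be automated. The following is an added example, not part of the original page: it checks a backup inventory against the 3-2-1 rule and the offline-copy requirement, then verifies a test restore against SHA-256 hashes recorded at backup time. The inventory keys (media, offsite, offline), the file names and the choice to count production data as one of the three copies are assumptions made for illustration.

```python
import hashlib, tempfile
from pathlib import Path

def check_321(copies):
    """Return violations of 3-2-1, plus the offline-copy requirement."""
    rules = [
        (len(copies) >= 3, "fewer than 3 copies"),
        (len({c["media"] for c in copies}) >= 2, "fewer than 2 media types"),
        (any(c["offsite"] for c in copies), "no offsite copy"),
        (any(c["offline"] for c in copies), "no offline copy"),
    ]
    return [msg for ok, msg in rules if not ok]

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each file's relative path to its SHA-256 (record at backup time)."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in Path(root).rglob("*") if p.is_file()}

def verify_restore(manifest, restored_root):
    """Compare a test restore against the manifest recorded at backup time."""
    got = build_manifest(restored_root)
    both = manifest.keys() & got.keys()
    return {"missing": sorted(manifest.keys() - got.keys()),
            "changed": sorted(k for k in both if manifest[k] != got[k]),
            "unexpected": sorted(got.keys() - manifest.keys())}

def demo():
    inventory = [  # constructed sample; assumes production data is copy 1
        {"media": "disk", "offsite": False, "offline": False},
        {"media": "disk", "offsite": False, "offline": False},
        {"media": "object-storage", "offsite": True, "offline": False},
    ]
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "src"), Path(tmp, "restored")
        src.mkdir(); dst.mkdir()
        (src / "ledger.csv").write_text("id,amount\n1,100\n")
        (src / "notes.txt").write_text("quarterly notes\n")
        manifest = build_manifest(src)
        # Constructed faulty restore: ledger.csv corrupted, notes.txt absent.
        (dst / "ledger.csv").write_text("id,amount\n1,1\n")
        return check_321(inventory), verify_restore(manifest, dst)

if __name__ == "__main__":
    print(demo())
```

Store the manifest with the offline copy so that an attacker who reaches the live systems cannot rewrite the hashes the restore is checked against.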
To Pay or Not
- FBI recommends not paying (it funds criminal operations)
- No guarantee you'll get the decryption key
- Paying makes you a target for repeat attacks
- Some ransomware decryptors are available for free (No More Ransom project)
Related Terms
Encryption at Rest
Encryption applied to data stored on disks, databases, or other storage media. When data is 'at rest' (not actively being transmitted), encryption protects it from unauthorized access if storage devices are stolen or compromised.
Malware
Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems. Malware includes viruses, ransomware, spyware, trojans, and worms—each with different infection methods and objectives.
Ransomware
Malware that encrypts a victim's files and demands payment (usually cryptocurrency) for the decryption key. Modern ransomware also threatens to publish stolen data if ransom isn't paid (double extortion).