Ransomware
Malicious software that holds your data hostage and demands a ransom to restore access
In Simple Terms
Ransomware is malicious software that encrypts the data on an infected device and demands payment to restore access. Beyond encryption, a tactic known as double extortion has also emerged: stealing data in advance and threatening to publish it online. Infection commonly spreads through email attachments or vulnerabilities in VPN devices, and has caused serious disruptions to hospitals and businesses. Key defenses include keeping systems up to date, enabling multi-factor authentication, and maintaining regular backups.
Behind the Name
The term combines "ransom" — a payment demanded to release a hostage — with "software." The name comes from behavior that resembles holding your data "hostage."
Take a Closer Look!
Ransomware is malicious software that encrypts the data on an infected device without permission, rendering it inaccessible, then demands payment in exchange for a decryption key.
Beyond encrypting data, a tactic known as double extortion has also been reported: stealing data in advance and threatening to publish sensitive information online unless paid.
Businesses and hospitals have been targeted, with real-world incidents resulting in inaccessible medical records and halted production lines.
Infection can occur through multiple routes: a user opening a malicious email attachment or link, an attacker exploiting software vulnerabilities, or an attacker gaining access through weaknesses and misconfigurations in VPN devices and remote desktop services.
Even if a ransom is paid, there is no guarantee that data will be recovered or that stolen data will be deleted — so the ransom should never be paid.
The most effective defenses are maintaining regular backups, keeping operating systems and devices fully up to date, and securing network entry points with multi-factor authentication rather than passwords alone.