Ransomware
Malware that encrypts or withholds access to data and demands payment, increasingly paired with data theft for double extortion.
Ransomware is malware designed to deny access to data or systems — typically by encrypting files — until a ransom is paid. Modern ransomware operations run as ransomware-as-a-service (RaaS), where a core team develops the malware and affiliates carry out intrusions for a cut of the proceeds.
Key characteristics
- Encryption of victim files (often AES for speed, RSA/ECC to wrap keys).
- Double extortion — data is exfiltrated and threatened with public release on a leak site.
- Shadow-copy and backup destruction to prevent recovery.
How to respond
Maintain offline, tested backups; segment networks; and treat any encryptor detection as a full incident. Real-world ransomware incidents and their financial impact are tracked on Cyber Breaches.
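Shadow-copy and backup destruction, listed under key characteristics above, is typically visible in process-creation logs. As an added example (not part of the original page), the Python below matches command lines against a few well-known Windows backup-deletion commands and groups the hits per host for escalation; the rule names, the event fields (`host`, `cmd`) and the sample records are assumptions constructed for illustration.

```python
import re

# Command-line patterns for shadow-copy / backup deletion on Windows
# (MITRE ATT&CK T1490, Inhibit System Recovery). Rule names are hypothetical.
RECOVERY_TAMPER_PATTERNS = {
    "vssadmin_delete": re.compile(
        r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    "wmic_shadowcopy": re.compile(
        r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    "wbadmin_delete": re.compile(
        r"\bwbadmin(\.exe)?\b.*\bdelete\s+(catalog|systemstatebackup|backup)\b",
        re.I),
}

# Constructed process-creation records, not real telemetry.
SAMPLE_EVENTS = [
    {"host": "FS01",
     "cmd": r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"},
    {"host": "WS17", "cmd": "vssadmin list shadows"},         # benign query
    {"host": "BK02", "cmd": "wmic shadowcopy delete"},
    {"host": "WS22", "cmd": "wbadmin start backup -backupTarget:E:"},  # benign
]


def find_recovery_tampering(events):
    """Return (host, rule_name, command_line) for every matching event."""
    hits = []
    for ev in events:
        for name, pattern in RECOVERY_TAMPER_PATTERNS.items():
            if pattern.search(ev["cmd"]):
                hits.append((ev["host"], name, ev["cmd"]))
    return hits


def hosts_to_escalate(events):
    """Group matched rules per host; any hit is handed to incident response."""
    by_host = {}
    for host, name, _cmd in find_recovery_tampering(events):
        by_host.setdefault(host, set()).add(name)
    return by_host


if __name__ == "__main__":
    for host, rules in sorted(hosts_to_escalate(SAMPLE_EVENTS).items()):
        print(f"ESCALATE {host}: {', '.join(sorted(rules))}")
```

Legitimate backup tooling and administrators occasionally run these commands, so baseline the hits against known maintenance jobs before alerting on them.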