Ransomware is malicious software that locks or encrypts a victim's files and demands a ransom payment — usually in cryptocurrency — in exchange for the decryption key. It has become one of the most costly and disruptive threats in cybersecurity, targeting individuals, hospitals, schools, and corporations alike.

How a Ransomware Attack Works

  1. The attacker delivers ransomware via a phishing email, malicious download, or unpatched vulnerability.
  2. Once executed, it scans the victim's system for valuable files (documents, photos, databases).
  3. It encrypts the files it finds using strong encryption — often AES-256.
  4. A ransom note appears, typically demanding payment in Bitcoin or Monero within a deadline.
  5. Paying does not guarantee file recovery — many victims pay and receive no key.

Famous Ransomware Examples

Ransomware | Year         | Impact
WannaCry   | 2017         | 200,000+ systems across 150 countries; NHS hospitals shut down
NotPetya   | 2017         | $10 billion in damages; wiped systems rather than encrypting
REvil      | 2019–2021    | Targeted law firms, tech companies; demanded millions per attack
LockBit    | 2019–present | Largest ransomware group by victim count as of 2024

How to Protect Against Ransomware

  • Back up regularly — The 3-2-1 rule: 3 copies, 2 different media types, 1 offsite or offline
  • Keep all software patched and updated — most ransomware exploits known vulnerabilities
  • Never open unexpected email attachments, even from known contacts
  • Disable macro execution in Office documents by default
  • Segment your network so ransomware cannot spread laterally to all systems
  • Use endpoint detection tools that can block suspicious encryption behaviour
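
The last item above, as an added sketch (not part of the original page, and not how any particular product works): it flags a process that rewrites several files with high-entropy content inside a short time window. The event tuple layout, the thresholds and the sample events are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0. Encrypted output sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_bulk_encryption(events, entropy_min=7.0, window_s=10.0, threshold=3):
    """Return the pids that wrote high-entropy content to at least
    `threshold` distinct files within `window_s` seconds.

    events: time-ordered (timestamp, pid, path, bytes_written) tuples
    (an assumed format). Compressed files are also high-entropy, so a
    single write proves nothing; the rate across many files is the signal.
    """
    recent = defaultdict(deque)  # pid -> (timestamp, path) of recent hits
    flagged = set()
    for ts, pid, path, data in events:
        if shannon_entropy(data) < entropy_min:
            continue
        hits = recent[pid]
        hits.append((ts, path))
        # Drop hits that have aged out of the sliding window.
        while hits and ts - hits[0][0] > window_s:
            hits.popleft()
        if len({p for _, p in hits}) >= threshold:
            flagged.add(pid)
    return flagged

# Constructed sample data, not real telemetry.
HIGH = bytes(range(256)) * 4             # uniform bytes: entropy 8.0
TEXT = b"quarterly report draft " * 40   # plain text: low entropy
SAMPLE_EVENTS = [
    (0.0, 410, "/home/a/notes.txt", TEXT),
    (1.0, 977, "/home/a/report.docx", HIGH),
    (1.5, 977, "/home/a/photo.jpg", HIGH),
    (2.0, 410, "/home/a/archive.zip", HIGH),   # one archive write: normal
    (2.2, 977, "/home/a/db.sqlite", HIGH),     # third file in 1.2 s
    (60.0, 410, "/home/a/backup.zip", HIGH),   # outside the window
]

if __name__ == "__main__":
    print(sorted(flag_bulk_encryption(SAMPLE_EVENTS)))
```

Processes that legitimately compress or encrypt many files in bulk, such as backup agents, would need an allow-list on top of this heuristic.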

People Also Ask

Should I pay the ransom?
Law enforcement agencies and security experts advise against paying. It funds criminal operations, does not guarantee recovery, and marks you as a target willing to pay. Your best protection is having backups that make the ransom irrelevant.

Can ransomware be decrypted without paying?
Sometimes. Security researchers and law enforcement have released free decryption tools for many ransomware strains. Check nomoreransom.org before considering payment.
