Ransomware
Definition
Ransomware is malicious software that encrypts files or systems and demands payment for decryption. It is one of the most impactful forms of cybercrime for organisations.
In a ransomware attack, malware infects an organisation's network, encrypts files and blocks access to systems. Attackers then demand payment, often in cryptocurrency, in exchange for the decryption key.
Modern ransomware attacks are double-edged: in addition to encryption, attackers also steal data and threaten to publish it (double extortion). Attack vectors include phishing emails, unpatched vulnerabilities and stolen RDP access.
Prevention involves regular backups, network segmentation, endpoint protection and 24/7 threat monitoring. DEFION offers incident response specifically for ransomware attacks.