What Is Ransomware?

Ransomware is a type of malware that encrypts a victim's files or locks them out of their system, then demands payment — typically in cryptocurrency — in exchange for restoring access.

How Ransomware Typically Spreads

  • Phishing emails with malicious attachments or links.
  • Exploiting unpatched software vulnerabilities.
  • Compromised remote access credentials.
  • Malicious advertisements or drive-by downloads from compromised websites.

Paying a ransom does not guarantee file recovery and can encourage further attacks. Prevention and backups are the strongest defense.

Prevention Strategies

  1. Maintain regular, offline or immutable backups of important data.
  2. Patch operating systems and software promptly.
  3. Restrict administrative privileges to only those who need them.
  4. Train users to recognize phishing attempts, a top ransomware delivery method.
  5. Segment networks to limit how far ransomware can spread if one system is compromised.

If You Suspect an Infection

Disconnect the affected device from the network immediately to prevent further spread, notify your IT or security team, and avoid paying any ransom demand without professional guidance. Restoring from a clean backup is generally the safest recovery path.