ForgeAwareness
Module 12 min

What Is Ransomware?

TL;DR

The attack, the costs, and why it matters to everyone.

What Is Ransomware?

Ransomware is malware that locks your files and demands payment to unlock them.

How It Works

  1. Infection: Malware gets onto your system (phishing email, malicious link, weak password)
  2. Encryption: Attacker encrypts your files so they're unusable
  3. Ransom: Attacker demands payment to give you the decryption key
  4. Outcome: Pay and hope they give you the key, or lose the data

The Reality

  - Don't pay: It funds criminals. It doesn't guarantee decryption.
  - No backup, no recovery: If you don't have backups, you lose the data.
  - Entire company affected: A network-level attack can lock up hundreds of systems.
  - Expensive: Ransom demands range from thousands to millions of dollars.
  - Time-consuming: Recovery can take weeks or months.

The Phases

Phase 1 (Initial Access): Attacker gets in via phishing, weak password, or unpatched system.

Phase 2 (Reconnaissance): Attacker explores your network to understand what matters (databases, servers, backups).

Phase 3 (Lateral Movement): Attacker spreads through your network to high-value targets.

Phase 4 (Encryption): Attacker locks everything and demands payment.

Your Job

Prevent Phase 1. If that fails, catch it in Phases 2 or 3 before encryption happens.

Knowledge check

Knowledge check 1

What's the most important defense against ransomware?