Ransomware
Ransomware is malicious software that encrypts a victim's data and demands payment for the decryption key. Modern operators also exfiltrate data before encrypting it and threaten to publish it (double extortion), so restoring from backups alone does not end the incident.
Attack lifecycle:
1. Initial access: phishing, exposed or vulnerable remote access such as RDP (weak or stolen credentials, unpatched services), or a compromised supplier or software update
2. Persistence: install backdoors or remote-access tooling, create or modify accounts
3. Discovery: map the network and directory, locate backups, file servers and other high-value targets
4. Lateral movement: spread to other systems using harvested credentials and administrative tooling
5. Exfiltration: steal data before encryption so it can be used for extortion
6. Encryption: deploy the ransomware payload, typically after disabling backups and volume shadow copies, and encrypt files
7. Extortion: demand payment and threaten to release the stolen data
Defense strategies:
- Immutable, offline backups following the 3-2-1 rule (three copies, on two different media, one off-site), with restores tested regularly
- EDR/XDR with ransomware-specific detection (mass file modification, shadow-copy deletion, known attacker tooling)
- Network segmentation to limit spread
- Privileged access management, so a single compromised account cannot reach every system
- Email filtering and user training
- Patch management, prioritising externally exposed services and known-exploited CVEs
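The "ransomware-specific detection" item above covers two behaviours that almost every encryption phase exhibits: a process re-extensioning many files in a short window, and a command that deletes volume shadow copies or disables recovery before encryption starts. The script below is an added example (not code from the original page or any EDR vendor) that applies those two rules to a constructed file-event log. The log format, the `WINDOW_SECONDS` and `RENAME_THRESHOLD` values, and the sample events are all assumptions made for the example; a real deployment would read its EDR's own telemetry and tune thresholds against baseline activity.

```python
"""Behavioural ransomware detection over a constructed file-event log.

Assumed (hypothetical) input format, one event per line:
    <epoch_seconds> <host> <pid> <process> <action> <detail>
where action is WRITE, RENAME, DELETE or EXEC; RENAME detail is "<src> -> <dst>"
and EXEC detail is the full command line.
"""
import re
from collections import defaultdict

WINDOW_SECONDS = 60       # sliding window for burst detection (assumed tuning)
RENAME_THRESHOLD = 10     # distinct files re-extensioned per window per process

# Command-line fragments that inhibit recovery; a match is high severity on its own.
RECOVERY_INHIBIT = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"bcdedit(\.exe)?\s+/set\s+\S*\s*recoveryenabled\s+no", re.I),
]

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(WRITE|RENAME|DELETE|EXEC)\s+(.*)$")


def parse_line(line):
    """Parse one event line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, host, pid, proc, action, rest = m.groups()
    return {"ts": int(ts), "host": host, "pid": int(pid),
            "proc": proc, "action": action, "rest": rest}


def extension(path):
    """Lower-cased final extension of a Windows or POSIX path ('' if none)."""
    base = path.rsplit("\\", 1)[-1].rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[-1].lower() if "." in base else ""


def detect(lines):
    """Return a list of (severity, rule, (host, pid, proc), detail) alerts."""
    alerts = []
    renames = defaultdict(list)   # (host, pid, proc) -> [(ts, dst_path)]
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["host"], ev["pid"], ev["proc"])
        if ev["action"] == "EXEC":
            if any(p.search(ev["rest"]) for p in RECOVERY_INHIBIT):
                alerts.append(("HIGH", "recovery_inhibit", key, ev["rest"]))
        elif ev["action"] == "RENAME":
            src, _, dst = ev["rest"].partition(" -> ")
            # Only renames that change the extension count towards the burst rule.
            if dst and extension(src) != extension(dst):
                renames[key].append((ev["ts"], dst))
    for key, evs in renames.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the window spans at most WINDOW_SECONDS.
            while evs[end][0] - evs[start][0] > WINDOW_SECONDS:
                start += 1
            distinct = {d for _, d in evs[start:end + 1]}
            if len(distinct) >= RENAME_THRESHOLD:
                alerts.append(("HIGH", "mass_reextension", key,
                               f"{len(distinct)} files in {WINDOW_SECONDS}s, "
                               f"new extension .{extension(evs[end][1])}"))
                break   # one alert per process is enough
    return alerts


def constructed_sample_log():
    """Constructed sample events (not real telemetry): a benign editor session,
    then a process that deletes shadow copies and re-extensions 12 files."""
    lines = [
        "1700000000 ws01 4120 winword.exe WRITE C:\\Users\\alice\\Documents\\q3.docx",
        "1700000003 ws01 4120 winword.exe RENAME C:\\Users\\alice\\Documents\\~q3.tmp -> C:\\Users\\alice\\Documents\\q3.docx",
        "1700000010 ws01 9931 svchost_.exe EXEC vssadmin.exe delete shadows /all /quiet",
    ]
    for i in range(12):
        path = f"C:\\Users\\alice\\Documents\\file{i}.xlsx"
        lines.append(f"{1700000011 + i} ws01 9931 svchost_.exe RENAME {path} -> {path}.locked")
    return lines


SAMPLE_LOG = constructed_sample_log()

if __name__ == "__main__":
    for severity, rule, key, detail in detect(SAMPLE_LOG):
        print(f"[{severity}] {rule} host={key[0]} pid={key[1]} proc={key[2]}: {detail}")
```

The benign editor (pid 4120) changes one file's extension and never trips the burst rule; the second process (pid 9931) is flagged twice, once for the shadow-copy deletion and once for re-extensioning ten or more distinct files inside the window. In practice the shadow-copy rule is the earlier and cheaper signal, since it usually fires before encryption begins.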
Paying ransom is controversial—funds criminal groups and doesn't guarantee recovery.
Why It Matters
Ransomware is among the most financially devastating cyber threats; commonly cited industry estimates put the average total cost of an incident above $4.5 million once downtime, recovery and reputational damage are included. Modern double-extortion ransomware not only encrypts data but also exfiltrates it, so attackers can threaten public release even after you restore from backups. Immutable, regularly tested backups combined with EDR, network segmentation, least privilege and employee training remain the most effective defense against this evolving threat.
Related Terms
A backup strategy defines how an organization protects data through regular copies, including what to back up, how often, where to store backups, and how to verify they can be restored.
Incident response is a structured approach to preparing for, detecting, containing, and recovering from security incidents while minimizing damage.
Malware protection encompasses technologies and practices to prevent, detect, and remove malicious software including viruses, ransomware, spyware, and trojans.
Frequently Asked Questions
Should I pay the ransom?
Generally not recommended. Payment funds criminals, does not guarantee recovery (attacker-supplied decryptors are often slow or faulty, and stolen data may still be leaked), and may breach sanctions law if the group is a designated entity.
How do I protect against ransomware?
Immutable backups, EDR, network segmentation, patching, least privilege, and user training. No single control is sufficient.