D2 · Threats

What is ransomware?

Ransomware encrypts victim files and demands payment for the decryption key. Modern variants: double extortion (encrypt + steal data), RaaS (Ransomware-as-a-Service), targeting backups.
Defense: offline/immutable backups (attackers target online backups), email/web filtering (infection vectors), EDR (behavioral detection of encryption), network segmentation (limit spread), MFA (prevent credential-based initial access). Recovery without paying: backup restoration + forensics. Paying never guarantees data recovery.