Ransomware
Also known as: Crypto-ransomware, Crypto-malware
Malicious software that encrypts a victim's files and demands payment (usually in cryptocurrency) in exchange for the decryption key.
Definition
Ransomware is a category of malware designed to extort victims by encrypting their files and demanding a ransom for the decryption key. Modern ransomware often combines encryption with data theft: attackers exfiltrate data before encrypting it, then threaten to publish the stolen data if the ransom is not paid (double extortion).
Small businesses are now the primary target for ransomware attacks. Entry vectors include phishing emails, compromised Remote Desktop Protocol (RDP) access, and unpatched software vulnerabilities. Average ransom payments for small businesses range from $15,000 to $50,000, with total incident costs (downtime, recovery, remediation) often 3-10x the ransom itself.
Example
A dental practice's office manager opens a phishing email attachment. Ransomware installs silently, waits 14 days for backup cycles to be overwritten, then encrypts all patient records and scheduling systems. The attacker demands $25,000 to restore access.
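The 14-day wait in this scenario can be checked against a backup rotation to see whether any copy predates the infection. The following Python is an added example, not part of the original entry; the dates, schedules and function names are constructed for illustration, and it assumes retained copies are not otherwise deleted or tampered with.

```python
from datetime import datetime, timedelta
from typing import List, Optional

def retained_backups(last: datetime, interval: timedelta, keep: int) -> List[datetime]:
    """Timestamps still on hand when only the `keep` newest backups are kept."""
    return [last - interval * i for i in range(keep)]

def newest_clean(backups: List[datetime], infected_at: datetime) -> Optional[datetime]:
    """Newest backup taken strictly before infection; None if every copy is tainted."""
    return max((b for b in backups if b < infected_at), default=None)

def recovery_gap(backups: List[datetime], encrypted_at: datetime,
                 dwell: timedelta) -> Optional[timedelta]:
    """Work lost on restore: time from the newest clean backup to encryption."""
    point = newest_clean(backups, encrypted_at - dwell)
    return None if point is None else encrypted_at - point

def min_keep(interval: timedelta, dwell: timedelta, lag: timedelta) -> int:
    """Smallest retention count that still holds one pre-infection backup.
    `lag` is the time between the last backup and the encryption event."""
    return max(1, (dwell - lag) // interval + 2)

# Constructed scenario: encryption fires 14 days after the initial infection.
ENCRYPTED_AT = datetime(2024, 3, 15, 2, 0)
DWELL = timedelta(days=14)
# Nightly backups, 7 kept; the last one ran 3 hours before encryption.
DAILY_KEEP_7 = retained_backups(ENCRYPTED_AT - timedelta(hours=3), timedelta(days=1), 7)
# Weekly offline copies, 8 kept; the last one was taken 2 days before encryption.
WEEKLY_KEEP_8 = retained_backups(ENCRYPTED_AT - timedelta(days=2), timedelta(weeks=1), 8)

if __name__ == "__main__":
    for name, backups in (("daily, keep 7", DAILY_KEEP_7),
                          ("weekly offline, keep 8", WEEKLY_KEEP_8)):
        gap = recovery_gap(backups, ENCRYPTED_AT, DWELL)
        print(name, "->", "no clean restore point" if gap is None
              else f"restore loses {gap.days} days of work")
    print("daily copies needed:", min_keep(timedelta(days=1), DWELL, timedelta(hours=3)))
```

A `None` result means every retained copy was taken after the infection, which is the condition the delay is meant to create.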
Important Distinctions
Paying the ransom does not guarantee file recovery. Decryption keys sometimes fail, attackers sometimes demand more after initial payment, and law enforcement may have legal concerns about payments going to sanctioned entities. The best protection is tested offline backups that make paying unnecessary.