← All glossary terms Glossary

What is Ransomware?

Malicious software that encrypts your data and demands payment for the key — often combined with data theft and extortion.

Ransomware encrypts a victim's data and demands payment for the key to unlock it. Modern ransomware crews almost always also steal data before encrypting, and threaten to publish it if the ransom is not paid — a tactic called double extortion. Ransomware is rarely the first action in an attack: it follows initial access, credential theft, lateral movement, and reconnaissance — usually hours or days earlier. Catching those earlier stages is the difference between a contained incident and a full encryption event.

  • Modern attacks steal data before encrypting it — known as double extortion.
  • Encryption is the last step, usually preceded by days of detectable intrusion.
  • Offline or immutable backups are what make recovery possible without paying.

En français

Rançongiciel

Un logiciel malveillant qui chiffre vos données et exige un paiement pour la clé — souvent jumelé au vol de données et à l'extorsion.

Un rançongiciel chiffre les données d'une victime et exige un paiement pour obtenir la clé de déchiffrement. Les groupes modernes volent presque toujours les données avant de les chiffrer et menacent de les publier si la rançon n'est pas payée — une tactique appelée double extorsion. Le rançongiciel est rarement la première action d'une attaque : il suit l'accès initial, le vol d'identifiants, le déplacement latéral et la reconnaissance, souvent des heures ou des jours plus tôt. Détecter ces étapes antérieures fait la différence entre un incident contenu et un chiffrement complet.

Ransomware: frequently asked questions

Should you pay a ransomware ransom?

Authorities generally advise against it: payment funds crime, doesn't guarantee recovery, and marks you as a future target. Tested offline backups and an incident-response plan are the reliable alternative.

How does ransomware get in?

Most often through phishing, stolen or weak credentials, or unpatched internet-facing systems. Catching that initial access early is what prevents a full encryption event.

Want to talk through how this fits your environment?

Book a no-obligation consultation and we'll explain how this plays out for an organization like yours.

Talk to our team