Cybersecurity Glossary: Ransomware

Definition
Like the name implies, ransomware is essentially digital extortion executed through software that uses encryption techniques to keep files — and entire systems — locked from use by their original owner, and holds them hostage until (theoretically) a payment has been made. It is a method of cyberattack.

Once ransomware enters a system, it makes itself known by taking control, encrypting files or complete systems, and blocking user access until requests for payments (often displayed as warning messages) are fulfilled. Unfortunately, there is no guarantee that the keys needed to break the encryption will be returned upon payment.

Significance
This devious malware typically enters a system opportunistically through drive-by downloads, email links, social network messages, and websites; more recently, ransomware has been distributed through aggressive worms and targeted attacks. Ransomware, like many Trojans, are disguised as legitimate files, with the ransom note appearing on screen, often with threats of deletion or publication without payment. The result is often brand damage, costly lawsuits, or lost customer loyalty.

View Cybersecurity Glossary | View next term