What is Ransomware?

Ransomware is everywhere. In 2021, ransomware was involved in at least 10% of breaches. Businesses in Healthcare, Financial Services, and Professional/Legal Services are consistently listed among those "most at risk" of ransomware attacks. So what is ransomware? What are the specifics that we as businesses need to understand to educate ourselves and our organizations about this imminent risk?

What Is Ransomware And How Does It Work?

Ransomware is malware that encrypts data on a computer or network into an unreadable format until a sum of money, or ransom, is paid. During a ransomware attack, threat actors hold the readable data hostage, promising to give the victim the means to decrypt the data back into a readable format once the ransom is paid. Ransomware is just one of the many attack tactics in a threat actor's toolkit. When run, the ransomware program scans the file storage disk for files to encrypt, typically documents, spreadsheets, and similar files. The files are encrypted with a key that only the attackers know, which prevents access to them.


Key Terms


Data exfiltration: The process of transferring data from one system or device to another without authorization.

Decryption: The process of converting data from an unreadable format into a readable format.

Decryption key: A code that enables victims of ransomware attacks to decrypt their data into a readable format.

Double extortion: During a ransomware attack, double extortion occurs when attackers threaten to publicly release data unless a ransom amount is paid.

Dwell time: The time that an attacker is present in a victim's environment before they're detected.

Encryption: The process of converting data from a readable format into an unreadable format.

Foothold: The virtual spot an attacker secures in an environment through persistence, allowing the attacker to maintain access through system disruptions.

Malware: Software designed to disrupt, damage, or help an unauthorized user gain access to a computer or network.

Persistence: A stealthy attack tactic that threat actors use to gain and keep unauthorized access to a virtual environment.

Phishing: A type of (usually email-based) cyberattack that occurs when threat actors disguise themselves as legitimate entities to attempt to trick users into revealing personally identifiable or sensitive information.

Ransomware: A type of malware that encrypts a user's data and requires some type of payment to the attacker for decryption to occur.

Ransomware as a Service (RaaS): A business model that enables threat actors to obtain (for a fee) malicious code to conduct their own ransomware attacks.

Ransomware group: An organized group of threat actors that works to plan and execute sophisticated ransomware-based cyberattacks.

Ransom note: A message delivered to the victim of a ransomware attack that identifies the threat actor's demands that must be met for decryption to occur.


Ransomware infections can be prevented through a combination of preventive measures and cybersecurity education. To learn more about how to prevent a malicious ransomware attack on your business, contact your Pendello Solutions team today.