Ransomware

Ransomware is a form of malware that encrypts data and demands payment from victims to restore access.

What is ransomware?

Ransomware attacks block access to critical files or systems until a ransom is paid, usually in cryptocurrency. The concept has existed since the late 1980s, but modern ransomware has become highly organized and profitable. Groups such as **LockBit**, **Conti**, and **Ryuk** run global campaigns that target businesses, hospitals, and governments. The **WannaCry** and **NotPetya** outbreaks demonstrated the catastrophic potential of ransomware when paired with worm-like spreading techniques.

How it typically works

  1. Initial infection: attackers gain entry through phishing, remote desktop compromise, or unpatched vulnerabilities.
  2. Privilege escalation: once inside, the malware attempts to gain administrative rights.
  3. Encryption: files and systems are encrypted using strong algorithms.
  4. Ransom demand: a note is displayed demanding cryptocurrency payment in exchange for a decryption key.
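A defender-side illustration of step 3, added here as an example and not code from the original page: a small Python detector that flags a host when many files are rewritten with high-entropy (encrypted-looking) content inside a short window, which is the behaviour file-activity sensors and EDR rules look for during the encryption stage. The event format, the thresholds and the sample telemetry are assumptions.

```python
import math
import random
from collections import Counter, defaultdict

# Assumed tuning values (not from the page): encrypted or compressed content sits
# near 8 bits/byte, while documents and source code are usually well below 6.
ENTROPY_THRESHOLD = 7.0
WINDOW_SECONDS = 60
MIN_FILES = 5

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of data (0.0 for empty input)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def find_encryption_bursts(events, window=WINDOW_SECONDS, min_files=MIN_FILES):
    """events: iterable of (ts_seconds, host, path, content_sample) tuples from a
    file-write sensor. Returns {host: [paths]} for each host that rewrote at least
    min_files distinct files with high-entropy content inside any window-second
    span, the behavioural signature of the encryption stage."""
    per_host = defaultdict(list)
    for ts, host, path, sample in events:
        if shannon_entropy(sample) >= ENTROPY_THRESHOLD:
            per_host[host].append((ts, path))
    alerts = {}
    for host, writes in per_host.items():
        writes.sort()
        start = 0
        for end in range(len(writes)):
            while writes[end][0] - writes[start][0] > window:  # slide the window
                start += 1
            if len({p for _, p in writes[start:end + 1]}) >= min_files:
                alerts[host] = sorted({p for _, p in writes})  # all suspect files
                break
    return alerts

# Constructed sample telemetry (not real data): seeded random bytes stand in for
# ciphertext, repeated prose stands in for an ordinary document.
def fake_ciphertext(seed: int, n: int = 1024) -> bytes:
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))

TEXT = b"Quarterly report: revenue grew 4% year over year. " * 20
SAMPLE_EVENTS = [(t, "ws-07", f"/home/j/docs/{i}.docx.locked", fake_ciphertext(i))
                 for i, t in enumerate(range(1000, 1036, 6))]  # 6 files in 30 s
SAMPLE_EVENTS += [(1010, "ws-02", "/home/k/backup.zip", fake_ciphertext(99)),
                  (1020, "ws-02", "/home/k/notes.txt", TEXT)]  # one archive, one doc
```

Running `find_encryption_bursts(SAMPLE_EVENTS)` reports only `ws-07`; the single archive write on `ws-02` stays below the file-count threshold, which is what keeps legitimate compression or backup jobs from firing the rule.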

Common techniques & variants

  • Crypto ransomware: encrypts files on endpoints and servers. Examples include WannaCry and LockBit.
  • Locker ransomware: locks the entire system and prevents user access.
  • Double extortion ransomware: steals data before encryption and threatens to leak it if payment is not made. Groups like Conti popularized this approach.
  • Ransomware-as-a-Service (RaaS): criminal groups rent out ransomware tools. REvil and DarkSide are prominent cases.
  • Destructive ransomware: masquerades as ransomware but is designed to destroy data, as seen in NotPetya.

Impact

Ransomware has evolved into one of the most damaging cyber threats. Victims face not only downtime and data loss but also regulatory fines and reputational damage if sensitive data is leaked. The costs of remediation often far exceed ransom payments. For SecOps teams, ransomware is a top priority because it combines technical disruption with business consequences, requiring both security defenses and incident response readiness.

Further reading

  • Europol: Internet Organised Crime Threat Assessment
  • CISA: Ransomware guidance
  • NIST: Ransomware Risk Management
  • Symantec: Ransomware families overview