← All glossary terms Glossary

What is Ransomware?

Malicious software that encrypts your data and demands payment for the key — often combined with data theft and extortion.

Ransomware encrypts a victim's data and demands payment for the key to unlock it. Modern ransomware crews almost always also steal data before encrypting, and threaten to publish it if the ransom is not paid — a tactic called double extortion. Ransomware is rarely the first action in an attack: it follows initial access, credential theft, lateral movement, and reconnaissance — usually hours or days earlier. Catching those earlier stages is the difference between a contained incident and a full encryption event.

Keep learning

Related terms

Zero Trust

A security model that trusts no user or device by default — even inside the corporate network — and verifies every access request continuously.

Read definition →

Vulnerability Management

The ongoing process of finding, prioritizing, and fixing security weaknesses in your systems before attackers exploit them.

Read definition →

Incident Response (IR)

The structured process of containing, investigating, eradicating, and recovering from a security incident — ideally guided by a tested plan.

Read definition →

Business Email Compromise (BEC)

A scam where attackers take over or impersonate a business email account to redirect payments or steal sensitive information.

Read definition →

Want to talk through how this fits your environment?

Book a no-obligation consultation and we'll explain how this plays out for an organization like yours.

Talk to our team