Ransomware is malicious software that encrypts a victim’s files or systems and demands payment in exchange for the decryption key. Modern ransomware groups operate with negotiation teams and tiered pricing based on the size of the target organization.
The threat has evolved beyond simple file encryption. Double extortion ransomware exfiltrates data before encrypting it, and the attackers then threaten to publish the sensitive information if the ransom is not paid.
CISSP Relevance
Ransomware defense spans Domain 7 (Security Operations), Domain 1 (Security and Risk Management), and Domain 2 (Asset Security). CISSP candidates must understand both technical defenses and the incident response procedures for managing a live ransomware attack.
External reference: CISA StopRansomware Resource Hub
Related terms: Malware, Incident Response