Ransomware
Malware that encrypts victim data and demands payment for the decryption key.
Full Definition
Ransomware is a type of malware that encrypts a victim's files or systems and demands a ransom payment — typically in cryptocurrency — in exchange for the decryption key. Modern ransomware operations are sophisticated criminal enterprises that operate on a ransomware-as-a-service (RaaS) model, where developers lease their tools to affiliates who conduct the actual attacks.
Contemporary "double extortion" attacks go further: attackers exfiltrate sensitive data before encrypting it, threatening to publish it on a "leak site" if the ransom is not paid. Some operations practice "triple extortion," additionally threatening DDoS attacks or directly contacting the victim's customers and partners.
The ransomware attack chain typically begins with initial access (often through phishing, exposed RDP, or credentials purchased from initial access brokers), followed by lateral movement, data exfiltration, and encryption. Intelligence on threat actor tactics and monitoring for stolen credentials are essential for prevention.
Related Terms
Initial Access Broker (IAB)
A cybercriminal who specializes in breaching networks and selling that access to other threat actors.
Threat Actors
Lateral Movement
Techniques used by attackers to progressively move through a network after initial compromise.
Attack Types
Data Breach
A security incident in which protected or confidential data is accessed, stolen, or disclosed without authorization.
Data & Leaks
Malware
Any software intentionally designed to cause harm, disrupt, or gain unauthorized access to systems.
Malware & Infrastructure