Ransomware

Also known as: Crypto-ransomware, Cryptolocker malware

Definition

Malware that encrypts a victim's data or locks systems and demands payment in exchange for restoring access.

Ransomware encrypts files, databases, virtual machines or whole storage volumes and then displays a ransom note demanding cryptocurrency in exchange for the decryption key. Modern operators usually run "double-extortion" campaigns: they steal data before encrypting it and threaten to publish it on leak sites if the victim refuses to pay. Initial access is typically gained through phishing, exposed RDP/VPN portals, unpatched software vulnerabilities, or compromised credentials. Effective defences include offline and immutable backups, EDR/XDR, MFA on all remote access, rapid patching, network segmentation, and a tested incident response plan. Paying does not guarantee recovery and may fund further attacks.

Examples

  • WannaCry (2017), which spread via the EternalBlue SMB exploit.
  • LockBit and Conti, ransomware-as-a-service operations behind many enterprise breaches.