Malicious software that encrypts a victim's files or locks them out of their system, then demands a ransom payment (typically in cryptocurrency) in exchange for the decryption key to restore access.
Malicious software that encrypts a victim's files or locks them out of their system, then demands a ransom payment (typically in cryptocurrency) in exchange for the decryption key to restore access.
Think you've been targeted?
Paste the suspicious content here for an instant analysis.
No signup · 6 detection layers · Results in seconds · Cmd+Enter
Ransomware has become the most financially devastating form of cybercrime. Attackers encrypt a victim's files — documents, photos, databases — making them completely inaccessible, then demand payment for the decryption key. Global ransomware damage costs are projected to exceed $265 billion annually by 2031.
Modern ransomware gangs operate like businesses, with customer support portals, negotiation teams, and even affiliate programs where they sell their ransomware tools to other criminals in exchange for a percentage of the proceeds (Ransomware-as-a-Service).
Double and triple extortion tactics have emerged: attackers not only encrypt data but also steal it and threaten to publish it publicly if the ransom isn't paid. Some also DDoS the victim's infrastructure as additional pressure.
The 2021 Colonial Pipeline ransomware attack shut down the largest fuel pipeline in the United States for nearly a week, causing fuel shortages across the East Coast. The company paid a $4.4 million ransom, though the FBI later recovered approximately $2.3 million of the payment.