SD Cyber Security
Cybersecurity Glossary

Ransomware

Malicious software that encrypts a victim’s files, systems, or entire networks, rendering them inaccessible until a ransom is paid to the attackers for a decryption key.

Understanding Ransomware

Ransomware is a category of malware that denies access to data through encryption, then demands payment -- typically in cryptocurrency -- for restoration. Modern ransomware attacks are carried out by organized criminal enterprises that conduct extensive reconnaissance, move laterally through networks, exfiltrate data, destroy backups, and deploy encryption across entire domains simultaneously. The Ransomware-as-a-Service (RaaS) model has professionalized the ecosystem, dramatically increasing attack volume and sophistication.

Double extortion has become standard practice: attackers steal sensitive data before encrypting systems, threatening to publish it on dark web leak sites if the ransom is not paid. This means even organizations with good backups face pressure to pay to prevent data disclosure. Average ransom demands now exceed $1 million for enterprise targets, with total incident costs (downtime, recovery, legal, reputational) averaging $4.5 million or more.

Ransomware Defense

Effective ransomware defense requires layered controls: EDR on all endpoints to detect and contain ransomware before it spreads, MFA to prevent credential-based initial access, email security to block phishing delivery, regular patching to close exploitation vectors, network segmentation to limit lateral movement, and immutable backups that cannot be encrypted or deleted by attackers. MDR services add 24/7 monitoring and rapid response that can contain a ransomware attack in minutes rather than hours or days.
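The sketch below is an added example, not code from this page or from any EDR product. It shows one behavioral heuristic an endpoint agent can use to spot encryption in progress: a single process writing high-entropy data to many distinct files in a short window. The event format, thresholds, process IDs, and paths are all assumptions constructed for illustration.

```python
import math
from collections import defaultdict, deque

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 for ciphertext, roughly 4-5 for ordinary text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def detect_mass_encryption(events, window_s=10.0, min_files=5, entropy_min=7.0):
    """events: (timestamp, pid, path, bytes_written) tuples sorted by time.
    Returns pids that wrote high-entropy data to >= min_files distinct
    files inside any window_s-second window. Thresholds are assumptions."""
    recent = defaultdict(deque)   # pid -> (timestamp, path) of high-entropy writes
    flagged = []
    for ts, pid, path, data in events:
        if shannon_entropy(data) < entropy_min:
            continue              # ordinary document save, ignore
        q = recent[pid]
        q.append((ts, path))
        while ts - q[0][0] > window_s:
            q.popleft()           # drop writes that fell out of the window
        if pid not in flagged and len({p for _, p in q}) >= min_files:
            flagged.append(pid)   # an EDR would suspend or isolate here
    return flagged

# Constructed sample data: pids, paths and contents are made up.
CIPHERTEXT_LIKE = bytes(range(256)) * 16                 # uniform bytes, entropy 8.0
PLAINTEXT = b"Quarterly report draft, revision 3.\n" * 100

SAMPLE_EVENTS = (
    # One compressed archive: high entropy, but a single file, so not flagged.
    [(0.0, 1010, "/backup/archive.zip", CIPHERTEXT_LIKE)]
    # An editor saving many low-entropy text files: not flagged.
    + [(1.0 + i, 2020, f"/home/a/notes{i}.txt", PLAINTEXT) for i in range(6)]
    # One process rewriting six shared documents with random-looking bytes.
    + [(20.0 + 0.5 * i, 4242, f"/srv/share/doc{i}.docx", CIPHERTEXT_LIKE)
       for i in range(6)]
)

if __name__ == "__main__":
    print("flagged pids:", detect_mass_encryption(SAMPLE_EVENTS))
```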

Ransomware Risk in San Diego

San Diego’s healthcare organizations, defense contractors, and financial services firms are high-value ransomware targets due to the sensitivity of their data and the critical nature of their operations. Healthcare organizations face additional pressure because ransomware can directly impact patient safety. The FBI’s San Diego field office handles ransomware investigations, and having a local incident response provider on retainer significantly reduces response time when an attack occurs.
