What is ransomware?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Imagine you come into work one morning, open your laptop, and every file on your computer is locked. A message fills the screen: pay up, or lose everything. That's ransomware in practice.
Ransomware is a type of malicious software that encrypts your files so you can't access them, then demands payment in exchange for the decryption key. The attacker holds your data hostage. You pay, you (maybe) get your files back. You don't pay, and they stay locked forever (or worse, get published publicly).
The "maybe" part is worth dwelling on. There's no contract here. Some victims pay and get their files back. Others pay and get nothing. And even when decryption works, attackers sometimes come back for a second round knowing you'll pay again.
So why does this keep working? Two reasons. First, encryption is genuinely hard to reverse without the key. Modern ransomware uses the same cryptographic standards that protect online banking. Without the attacker's key, your files aren't coming back through brute force. Second, cryptocurrency lets attackers collect ransoms with almost no paper trail. Bitcoin payments are hard to trace back to a real identity, which made this kind of extortion far more scalable than it was when cash or wire transfers were the only options.
Modern ransomware attacks often add another layer of pressure called double extortion. Attackers don't just encrypt your files. They copy them first. Now they're threatening two things at once: they'll keep your files locked AND they'll publish your sensitive data publicly unless you pay. For businesses holding customer records, health data, or financial information, that threat alone can force a payment even if backups exist.
Email is the most common delivery method. An attachment arrives disguised as an invoice, a shipping notice, or a shared document. One click, and the ransomware installs itself quietly and starts encrypting files in the background. By the time the ransom message appears, the damage is already done. You can read more about how ransomware spreads through email specifically if you want the full picture.
The real cost isn't just the ransom. It's the days or weeks of downtime, the IT recovery work, potential regulatory fines if personal data was exposed, and the reputational hit that follows a breach. Prevention genuinely is cheaper than the cleanup (and that's not just something security vendors say to sell products).
If you're wondering whether something you received could be a real ransomware threat or just a scare tactic, there's an important distinction worth knowing. Real ransomware actually encrypts your system before demanding payment. Fake threats claim to have your data without ever touching your device. Those are a different kind of scam entirely, and you can read about ransom phishing scams to understand how to tell the two apart.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.