Ransomware is a form of malware that seizes control of a victim's data or device by locking or encrypting files, thereby blocking access until a ransom is paid. Recent attacks have progressed beyond basic extortion, frequently incorporating the threat of leaking sensitive information—known as double extortion—to intensify pressure on victims.
The first known ransomware incident, the AIDS Trojan, was recorded in 1989. The threat significantly escalated in the mid-2000s, with initial activity concentrated in Russia. Early versions employed straightforward tactics such as locking files or posing as law enforcement to extort money from victims.
The contemporary phase began around 2013 with the introduction of robust encryption and cryptocurrency payments, which increased the severity of attacks. This development was further propelled by the emergence of Ransomware-as-a-Service (RaaS) and double-extortion strategies. These innovations raised the overall threat level by making malware more widely available and incorporating data theft into the extortion process.
Ransomware perpetrators utilize various techniques to breach systems and execute their malicious payloads. These entry points, referred to as attack vectors, typically take advantage of human mistakes or technical weaknesses to gain initial access. The most prevalent vectors include social engineering and direct network breaches.
Although both ransomware and scareware are types of malware, they operate on fundamentally different extortion principles.