What Is Ransomware?

Ransomware is a type of malicious software, also known as malware. It encrypts a victim’s data until the attacker is paid a predetermined ransom. Typically, the attacker demands payment in a form of cryptocurrency such as bitcoin. Only then will the attacker send a decryption key to release the victim’s data.

A number of ransomware variants have appeared in recent years, which we’ll describe in greater detail below. We will also explain how you can protect your system against future attacks.

How does ransomware work?

Ransomware is typically distributed through a few main avenues. These include email phishing, malvertising (malicious advertising), and exploit kits. After it is distributed, the ransomware encrypts selected files and notifies the victim of the required payment.

How do I protect myself from ransomware?

Back up all your data

In the event of an attack, you can power down the endpoint, reimage it, and restore your recent backup. You’ll have all your data and you’ll prevent the ransomware from spreading to other systems.

Patch your systems

Make a habit of updating your software regularly. Patching commonly exploited third-party software will foil many attacks.

Educate users on attack sources

The weakest link in the security chain is usually human. Educate your users on whom and what to trust. Empower them not to fall for phishing or other schemes.

Protect your network

Take a layered approach, with security infused from the endpoint to email to the DNS layer. Use technologies such as a next-generation firewall (NGFW) or an intrusion prevention system (IPS).

Segment network access

Limit the resources that an attacker can access. By dynamically controlling access at all times, you help ensure that your entire network is not compromised in a single attack.

Keep a close eye on network activity

Being able to see everything happening across your network and data center can help you uncover attacks that bypass the perimeter. Deploy a demilitarized zone (DMZ) or add a layer of security to your local area network (LAN).

Prevent initial infiltration

Most ransomware infections occur through an email attachment or a malicious download. Diligently block malicious websites, emails, and attachments through a layered security approach and a company-sanctioned file-sharing program.

Arm your endpoints

Antivirus solutions on your endpoints don’t suffice anymore. Set up privileges so they perform tasks such as granting the appropriate network shares or user permissions on endpoints. Two-factor authentication will also help.

Gain real-time threat intelligence

Know your enemy. Take advantage of threat intelligence from organizations such as Talos to understand security information and emerging cybersecurity threats.

Say no to ransom

Never, ever pay the ransom. There’s no guarantee you’ll get your data back, and you’re only fueling the cybercriminals for more attacks.

Recent ransomware variants

The list goes on...

Ransomware variants of all types are discovered through the powerful research of Talos, our world-class threat intelligence group. To find out more about recent threats such as CryptoLocker, WannaCry, TeslaCrypt, Nyetya, and more, head over to the Talos blog.

Learning Center

What is Ransomware?

Ransomware is a type of malicious software. It is designed to extort money by blocking access to files or the computer system until the ransom is paid.

What is Malware?

Malware is intrusive software that is designed to damage and destroy computers and computer systems. Malware is a contraction for “malicious software.”

What is Phishing?

Phishing is the practice of sending fraudulent emails that resemble emails from reputable sources. The aim is to steal sensitive data like credit card numbers and login information.
