FAQ

Ransomware is a type of malware that encrypts the files on a computer system, rendering them inaccessible, and then demands a ransom in exchange for the decryption key. It is one of the most widespread cyber threats: according to the ENISA 2024 report, ransomware attacks increased by 37% in Europe between 2022 and 2023.

A typical attack process unfolds in four stages:

1. Infection — via phishing, unpatched vulnerability, exposed RDP, or compromised account
2. Reconnaissance and propagation — the malware maps the network and spreads laterally (duration: from a few hours to several weeks)
3. Encryption — files are encrypted with an asymmetric algorithm (RSA 2048 or 4096 bits) for which only the attacker possesses the private key
4. Extortion — a ransom note is dropped on the system with payment instructions (usually in Bitcoin)

#ransomware definition #ransomware #RSA encryption #ENISA #cyberattack