KNOWLEDGE — THREATS & ATTACK TECHNIQUES

Ransomware

Ransomware is malware that encrypts an organization's data and demands a ransom for its release.

Modern ransomware often combines encryption with data theft ("double extortion").

Before the encryption stage, attackers usually move laterally and establish command and control (C2), activity that is visible on the network well before the ransom note appears.

The pre-encryption stages — lateral movement and C2 — are where network visibility can surface activity early.
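
An added example, not from the original page or from any vendor's code: two heuristics run over constructed flow records, one for lateral-movement fan-out and one for periodic C2 check-ins. The internal range, port list, thresholds and sample flows are all assumptions chosen for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

INTERNAL = ip_network("10.0.0.0/8")   # assumption: the monitored internal range
ADMIN_PORTS = {135, 445, 3389, 5985}  # assumption: remote-admin services to watch
FANOUT_MIN = 5    # assumption: distinct internal peers before flagging
BEACON_MIN = 6    # assumption: connections needed to judge regularity
JITTER_MAX = 0.1  # assumption: max stdev/mean of gaps to count as periodic

def is_internal(addr):
    return ip_address(addr) in INTERNAL

def lateral_fanout(flows):
    """Internal hosts reaching many distinct internal peers on admin ports."""
    peers = defaultdict(set)
    for _, src, dst, dport in flows:
        if is_internal(src) and is_internal(dst) and dport in ADMIN_PORTS:
            peers[src].add(dst)
    return {src: len(p) for src, p in peers.items() if len(p) >= FANOUT_MIN}

def beacons(flows):
    """(src, external dst) pairs whose connections recur at near-fixed intervals."""
    times = defaultdict(list)
    for ts, src, dst, _ in flows:
        if is_internal(src) and not is_internal(dst):
            times[(src, dst)].append(ts)
    hits = {}
    for pair, ts in times.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        # Length is checked first so mean() never sees an empty gap list.
        if (len(ts) >= BEACON_MIN and mean(gaps) > 0
                and pstdev(gaps) / mean(gaps) <= JITTER_MAX):
            hits[pair] = round(mean(gaps))  # typical check-in interval, seconds
    return hits

# Constructed sample flows: (unix_seconds, src, dst, dst_port)
SAMPLE = (
    # one workstation touching eight internal hosts over SMB within seconds
    [(1000 + 3 * i, "10.0.0.23", f"10.0.1.{i + 10}", 445) for i in range(8)]
    # the same workstation calling out roughly every 300 s with small jitter
    + [(2000 + 300 * i + j, "10.0.0.23", "203.0.113.10", 443)
       for i, j in enumerate([0, 4, -3, 2, -1, 5, 0, 3])]
    # ordinary bursty browsing and a single file-share connection
    + [(t, "10.0.0.40", "198.51.100.7", 443)
       for t in (1200, 1210, 2900, 3100, 5000, 5020)]
    + [(1500, "10.0.0.40", "10.0.1.10", 445)]
)

if __name__ == "__main__":
    print("lateral fan-out:", lateral_fanout(SAMPLE))
    print("beacon candidates:", beacons(SAMPLE))
```

Both hits point at the same host, which is the kind of correlation that makes a pre-encryption alert worth escalating; real traffic needs allow-lists for scanners, backup servers and update services.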

AEGYS Monitor