What is ransomware?

Ransomware is malware that locks or encrypts files and demands payment to restore access.

Simple example

A business arrives on Monday to find shared files renamed and inaccessible, with a ransom note on affected systems.

Why it matters

Ransomware can stop operations, damage data, expose information, and create major recovery costs.

Common warning signs

  • The activity is unexpected or unusual for the business context.
  • The request or system behaviour creates pressure to act quickly.
  • Normal approval, verification, or security processes are bypassed.
  • There are signs of unauthorised access, data exposure, or system change.
  • Staff are unsure whether the request, message, or system behaviour is legitimate.

Cyber Doc view

Ransomware should be understood in a business context, not only as a technical issue. Good protection usually combines clear processes, appropriate technical controls, staff awareness, and a calm response plan.

What to do

Proactive steps

  • Maintain tested offline or immutable backups.
  • Patch internet-facing systems quickly.
  • Use endpoint protection and monitoring.
  • Restrict administrator rights.
  • Prepare an incident response plan.

Reactive steps

  • Isolate affected systems from the network.
  • Do not rush to restore before understanding the spread.
  • Preserve ransom notes, logs, and affected files for investigation.
  • Engage incident response support early.
  • Validate backups before recovery.
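
An added example (not part of the original page) of the "Validate backups before recovery" step: it checks a restored backup tree against a SHA-256 manifest recorded before the incident and reports missing, altered, unexpected, and encrypted-looking files. The manifest format, the 7.5 bits-per-byte entropy threshold, and all sample file names and contents are assumptions constructed for the demonstration.

```python
import hashlib, math, os, tempfile
from collections import Counter

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def entropy(data):
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def validate_backup(root, manifest, entropy_limit=7.5):
    """Check a restored backup tree against a pre-incident {relpath: sha256} manifest."""
    report = {k: [] for k in ("ok", "missing", "altered", "unexpected", "high_entropy")}
    seen = set()
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            if manifest.get(rel) == sha256_file(full):
                report["ok"].append(rel)
                continue
            report["altered" if rel in manifest else "unexpected"].append(rel)
            with open(full, "rb") as f:
                if entropy(f.read(65536)) > entropy_limit:  # looks encrypted
                    report["high_entropy"].append(rel)
    report["missing"] = [p for p in manifest if p not in seen]
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Constructed sample: a manifest from a clean state, then a backup taken too late."""
    clean = {"finance/q1.csv": b"month,total\njan,100\n", "finance/q2.csv": b"month,total\napr,90\n",
             "hr/staff.txt": b"alice\nbob\n"}
    manifest = {p: hashlib.sha256(d).hexdigest() for p, d in clean.items()}
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # stand-in for ciphertext
    backup = {"finance/q1.csv": clean["finance/q1.csv"], "finance/q2.csv": blob,
              "hr/staff.txt.locked": blob, "hr/RESTORE_NOTE.txt": b"constructed placeholder note\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in backup.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        return validate_backup(root, manifest)

if __name__ == "__main__":
    for status, paths in demo().items():
        print(f"{status:13} {paths}")
```

The hash comparison is the authoritative signal; the entropy check is only a hint, since compressed archives and media files are naturally high-entropy.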

Related terms

  • Backup
  • Incident response
  • Malware