Reference

Ransomware & Cybersecurity Glossary

Essential terms and concepts for understanding ransomware threats, defense strategies, and incident response. Plain-language definitions for security professionals and business leaders.

A B C D E I M N P R S V Z

Air-Gapped Backup

Backup copies stored on media physically disconnected from the network, immune to ransomware encryption.

Backup Strategy

A structured plan for creating, storing, and testing data backups to ensure recovery from ransomware attacks.

Bitcoin

Cryptocurrency commonly demanded by ransomware operators for ransom payments due to its pseudonymous nature.

Business Continuity

Planning and processes that ensure critical business functions continue during and after a ransomware incident.

Command and Control (C2)

Infrastructure used by attackers to communicate with and control compromised systems within a victim network.

Dark Web

Encrypted portion of the internet where ransomware groups operate leak sites, sell stolen data, and coordinate attacks.

Data Exfiltration

Unauthorized transfer of data from an organization, often performed before ransomware encryption for double extortion.

Decryption Key

A cryptographic key provided by ransomware operators (sometimes after payment) to unlock encrypted files.

Disaster Recovery

Plans and procedures for restoring IT infrastructure and operations after a catastrophic event like a ransomware attack.

Double Extortion

Ransomware tactic combining data encryption with data theft, threatening to publish stolen data if the ransom is not paid.

Encryption

The process of converting data into an unreadable format — used legitimately for security and maliciously by ransomware.

Endpoint Detection and Response (EDR)

Security solution that continuously monitors endpoints to detect, investigate, and respond to ransomware threats.

Immutable Backup

Backups stored with write-once-read-many (WORM) policies that prevent modification or deletion by ransomware.

Incident Response

The organized approach to detecting, containing, eradicating, and recovering from cybersecurity incidents like ransomware.

Malware

Malicious software designed to damage, disrupt, or gain unauthorized access to computer systems.

Multi-Factor Authentication

Security method requiring two or more verification factors to access accounts, blocking credential-based ransomware access.

Network Segmentation

Dividing a network into isolated segments to contain ransomware lateral movement and limit blast radius.

Patch Management

The process of identifying, testing, and deploying software updates to fix vulnerabilities exploited by ransomware.

Phishing

Fraudulent communications disguised as legitimate sources to trick victims into revealing credentials or installing malware.

Ransomware

Malicious software that encrypts files and demands payment for the decryption key, often causing catastrophic business disruption.

Ransomware-as-a-Service (RaaS)

Business model where ransomware developers lease their tools to affiliates who carry out attacks for a share of the profits.

Social Engineering

Psychological manipulation techniques used to trick people into revealing information or performing actions that enable attacks.

Spear Phishing

Targeted phishing attacks customized for specific individuals using personal information to increase credibility.

Vulnerability Scanning

Automated process of identifying security weaknesses in systems and software before attackers can exploit them.

Zero Trust

Security architecture that eliminates implicit trust, requiring verification for every user and device accessing resources.

Protect Your Organization from Ransomware

Understanding the terminology is the first step. Let our experts help you build defenses against these threats.