The process of converting data into an unreadable format using cryptographic algorithms. Used legitimately to protect sensitive data, and maliciously by ransomware to lock victims out of their files.
Encryption is a fundamental security technology that transforms readable data (plaintext) into an unreadable format (ciphertext) using mathematical algorithms and cryptographic keys. Only someone with the correct decryption key can reverse the process and access the original data. Modern encryption algorithms like AES-256 are computationally infeasible to break with current computing technology: there is no known shortcut to recover encrypted data without the key.
In cybersecurity, encryption serves as a critical defense: encrypting data at rest protects it from unauthorized access if storage media is stolen, and encrypting data in transit (TLS/SSL) prevents eavesdropping during network communication. However, ransomware weaponizes this same technology against its victims, using strong encryption to make files completely inaccessible.
Ransomware typically uses a hybrid encryption approach for speed and security. Each file is encrypted with a unique symmetric key (AES-256), which is extremely fast for large files. That symmetric key is then encrypted with the attacker's RSA or ECC public key. Only the attacker's private key can decrypt the symmetric keys, which in turn decrypt the files. When the scheme is implemented correctly, there is no practical way to recover files without the attacker's private key, which makes reliable backups the only guaranteed recovery method.
Ironically, one of the best defenses against ransomware encryption is proactive encryption: encrypting sensitive data at rest means that even if an attacker exfiltrates it for double extortion, the stolen data is useless without your encryption keys.
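The hybrid scheme described above is the same envelope encryption that defenders use to protect data at rest. The following Node.js code is an added example, not part of the original page: it encrypts a constructed record with a per-record AES-256 key and wraps that key with an RSA public key. The function names, the choice of GCM and OAEP, and the throwaway key pairs are assumptions of the example.

```javascript
// Added example: envelope (hybrid) encryption protecting a record at rest.
const { generateKeyPairSync, randomBytes, createCipheriv, createDecipheriv,
  publicEncrypt, privateDecrypt, constants } = require("node:crypto");

// RSA-OAEP with SHA-256 wraps the data key (a choice made for this example).
const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Encrypt one record: fresh AES-256-GCM data key, wrapped with the RSA public key.
function seal(publicKey, plaintext) {
  const dataKey = randomBytes(32); // unique symmetric key per record
  const iv = randomBytes(12);      // 96-bit GCM nonce, never reused with a key
  const cipher = createCipheriv("aes-256-gcm", dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag(); // integrity check over the ciphertext
  const wrappedKey = publicEncrypt({ key: publicKey, ...OAEP }, dataKey);
  dataKey.fill(0);                 // only the wrapped copy of the key is kept
  return { wrappedKey, iv, tag, ciphertext };
}

// Decrypt: only the holder of the RSA private key can unwrap the data key.
function unseal(privateKey, env) {
  const dataKey = privateDecrypt({ key: privateKey, ...OAEP }, env.wrappedKey);
  const decipher = createDecipheriv("aes-256-gcm", dataKey, env.iv);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]);
}

// True when decryption is rejected (wrong private key or modified ciphertext).
function unsealFails(privateKey, env) {
  try { unseal(privateKey, env); return false; } catch { return true; }
}

// Constructed sample data and throwaway key pairs generated at run time.
const owner = generateKeyPairSync("rsa", { modulusLength: 2048 });
const other = generateKeyPairSync("rsa", { modulusLength: 2048 });
const record = Buffer.from("constructed sample record: account=1001 balance=250.00");
const envelope = seal(owner.publicKey, record);

console.log("owner key decrypts:", unseal(owner.privateKey, envelope).equals(record));
console.log("other key rejected:", unsealFails(other.privateKey, envelope));
```

Exfiltrated copies of `envelope` are useless without `owner.privateKey`, so that key belongs in a KMS or HSM, separate from the data it protects.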