Ransomware is a form of malware that holds a computer system hostage until a ransom fee is paid. Ransomware typically infiltrates a computer system as a worm or Trojan horse that takes advantage of open security vulnerabilities. Upon compromising a computer, ransomware will typically either lock a user’s system or encrypt files on the computer and then demand payment before restoring the system or files.

How does ransomware work?

Most ransomware attacks occur when someone clicks on an infected email attachment or visits a malicious website. Once the ransomware is launched, it encrypts all files on the user’s device. At this point, the attacker typically threatens to publish the user’s files or hold the encryption key hostage until their demands are met. Because most ransom is paid in cryptocurrency, it is often difficult to trace and prosecute ransomware hackers.

In recent years, ransomware as a service (RaaS) has developed as a business model for hackers similar to that of legitimate software as a service (SaaS) providers. A single RaaS platform is licensed to multiple hackers, with onboarding documentation and monitoring dashboards comparable to those of a SaaS product. In terms of revenue, RaaS products are typically priced as a monthly subscription or a one-time fee. In some cases, hackers pay no up-front costs to use the ransomware platform, but share a cut of the ransom with the RaaS developers.

Notable ransomware attacks

Ransomware attacks have made cybersecurity headlines for more than 30 years. In 1989, the AIDS Trojan—also known as PC Cyborg—was the first known malware attack in which a ransom was demanded to release encrypted files. However, there was a flaw in the malware that neutralized the threat and meant the ransom never needed to be paid.

Nearly two decades later, the high-profile WannaCry attack of 2017 was facilitated by a worm that targeted Microsoft Windows devices. The exploit that drove the worm’s spread was allegedly developed by and leaked from the U.S. National Security Agency. In total, numerous organizations around the world were impacted by the attack, including FedEx, the U.K.’s National Health Service, Boeing, Honda, and multiple government agencies.

Most recently, the Colonial Pipeline attack of 2021 created widespread disruption to the oil supply chain across the United States, causing fuel prices to skyrocket. Ultimately, the attackers were paid $5 million in bitcoin, the majority of which was recovered during a federal investigation over the following months.


How to prevent ransomware

There are many preventative measures businesses can take to avoid becoming the victim of the next ransomware attack. These include:

This article was updated by Kaiti Norton.

Vangie Beal
Vangie Beal is a freelance business and technology writer covering Internet technologies and online business since the late '90s.
