Ransomware is a form of malware that holds a computer system hostage until a ransom fee is paid. Ransomware typically infiltrates a computer system as a worm or Trojan horse that takes advantage of open security vulnerabilities. Upon compromising a computer, ransomware will typically either lock a user’s system or encrypt files on the computer and then demand payment before restoring the system or files.

How does ransomware work?

Most ransomware attacks occur when someone clicks on an infected email attachment or visits a malicious website. Once the ransomware is launched, it encrypts all files on the user’s device. At this point, the attacker typically threatens to publish the user’s files or hold the encryption key hostage until their demands are met. Because most ransom is paid in cryptocurrency, it is often difficult to trace and prosecute ransomware hackers.

In recent years, ransomware as a service (RaaS) has developed as a business model for hackers similar to that of legitimate software as a service (SaaS) providers. A single RaaS platform is licensed to multiple hackers and comes with onboarding documentation and monitoring dashboards comparable to those of a SaaS product. In terms of revenue, RaaS products are typically priced as a monthly subscription or a one-time fee. In some cases, hackers pay no up-front costs to use the ransomware platform, but share a cut of the ransom with the RaaS developers.

Notable ransomware attacks

Ransomware attacks have made cybersecurity headlines for more than 30 years. In 1989, the AIDS Trojan—also known as PC Cyborg—was the first known malware attack in which a ransom was demanded to release encrypted files. However, there was a flaw in the malware that neutralized the threat and meant the ransom never needed to be paid.

Nearly two decades later, the high-profile WannaCry attack of 2017 was facilitated by a worm that targeted Microsoft Windows devices. The exploit that drove its spread was allegedly developed by and leaked from the U.S. National Security Agency. Numerous organizations around the world were impacted by the attack, including FedEx, the U.K.’s National Health Service, Boeing, Honda, and multiple government agencies.

Most recently, the Colonial Pipeline attack of 2021 created widespread disruption to the oil supply chain across the United States, causing fuel prices to skyrocket. Ultimately, the attackers were paid $5 million in bitcoin, the majority of which was recovered during a federal investigation over the following months.


How to prevent ransomware

There are many preventative measures businesses can take to avoid becoming the victim of the next ransomware attack. These include:

This article was updated by Kaiti Norton.

Vangie Beal
Vangie Beal is a freelance business and technology writer covering Internet technologies and online business since the late '90s.
