Ransomware is a type of malware (malicious software) that locks a victim’s data or device and threatens to keep it locked—or worse—unless the victim pays a ransom to the attacker. According to the IBM, ransomware attacks represented 17 percent of all cyberattacks in 2022.
The earliest ransomware attacks simply demanded a ransom in exchange for the encryption key needed to regain access to the affected data or use of the infected device. By making regular or continuous data backups, an organization could limit costs from these types of ransomware attacks and often avoid paying the ransom demand.
But in recent years, ransomware attacks have evolved to include double-extortion and triple-extortion attacks that raise the stakes considerably—even for victims who rigorously maintaining data backups or pay the initial ransom demand. Double-extortion attacks add the threat of stealing the victim’s data and leaking it online; on top of that, triple-extortion attacks threaten to use the stolen data to attack the victim’s customers or business partners.
Research has found that ransomware's share of all cybersecurity incidents declined by 4 percent from 2021 to 2022, likely because defenders were more successful detecting and preventing ransomware attacks. But this positive finding was eclipsed by a massive 94 percent reduction in the average attack timeline—from 2 months to fewer than 4 days, giving organizations very little time to detect and thwart potential attacks.