Ransomware
Ransomware is malware that encrypts a victim's files or systems and demands payment (usually cryptocurrency) for the decryption key. Modern ransomware groups also exfiltrate data before encrypting and threaten to publish it — a tactic called double extortion.
Frequently Asked Questions
How is Ransomware related to C2 (Command and Control)?
Ransomware and C2 (Command and Control) are both key concepts in threat intelligence. A Command and Control server is attacker-operated infrastructure used to remotely control compromised hosts (collectively, a botnet), deliver instructions, exfiltrate data, or push malware updates. Blocking C2 communications is one of the most effective ways to disrupt an active attack.