What is Ransomware?

    Ransomware has become one of the most prominent and visible types of malware. Bad actors design it to deny a user or organization access to files on their computer. By encrypting “stolen” files and demanding a ransom payment for the decryption key, bad actors put organizations in a position where paying the ransom is sometimes the easiest and most cost-effective way to regain access to the files.

    Why should organizations care about ransomware attacks?

    • Ransomware will continue to be a problem because every time a ransom is paid, it encourages other would-be attackers.
    • Attacks can effectively shut down a business until the data is recovered (in some cases, the data is gone forever, even if the ransom is paid).
    • Organizations will experience negative publicity following an attack. Some companies are including how they respond publicly to cyber attacks in their crisis communications plans. A ransomware attack can cause organizations to shut down their systems and manufacturing facilities, forcing them to stop normal business activities, thus hurting their revenue. Organizations will need to make the attack public to the media, investors, stockholders, employees, and customers.
    • Negative sentiment will cause customers and employees to become anxious about safety and security following an attack. For example, bad actors have targeted the healthcare, manufacturing, local government, and education sectors, forcing the victims to pay ransoms. Private and sensitive data can be stolen by the attackers and shared on the dark web.

    How do you protect yourself from ransomware?

    Deploying network detection and response (NDR) technology using encrypted traffic analysis (i.e., the application of machine learning to deep packet dynamics) offers an organization’s security operations center (SOC) the ability to analyze encrypted traffic without the need for decryption.

    NDR improves the effectiveness of the SOC by increasing the speed of response: detecting anomalies in the network can stop a ransomware attack before it happens or minimize the damage caused by an attacker.

    Related Glossary Terms

    QoS, or quality of service, is key to ensuring the performance of critical applications on a network. Learn how QoS works and its benefits.

    A protocol analyzer is an essential tool for network operations. Protocol analyzers act as a vital intermediary between devices within a network, allowing administrators to gain valuable insights into the active communication between these devices.

    Encryption is a data security practice that converts normal, readable information into an unintelligible cypher. Once network traffic is encrypted, it can only be accessed by authorized users with a key, or by advanced encryption practices that can decode cyphertext. This process allows organizations to safely move confidential and sensitive information around without exposing it to bad actors.

    Packet analysis is a primary traceback technique in network forensics, which, providing that the packet details captured are sufficiently detailed, can play back even the entire network traffic for a particular point in time.

    Packet loss causes reduced throughput, diminished security, and other issues in your network. Learn about causes and effects and how you can mitigate its impact. 

    Threat hunting is the practice in which an organization’s security operations center (SOC) proactively searches for cyber threats that are lurking undetected in the organization’s network.