📖 What is Ransomware?

A type of malware that encrypts a victim's files, with the attacker demanding a payment to restore access.

🥋 Sensei Says:

"The best defense against ransomware is having an offline, verified backup."

📚 Certification: Certified in Cybersecurity (CC)

🔑 What are the Key Concepts of Ransomware?

  • Ransomware attacks often leverage phishing emails or exploited vulnerabilities to gain initial access to a system or network.
  • Double extortion tactics are common, where attackers exfiltrate data *before* encryption, threatening to release it publicly.
  • Defense is layered: patching and multi-factor authentication to block initial access, endpoint detection and response (EDR) to catch and contain encryption behavior, user awareness training against phishing, and offline, tested backups for recovery. Backups do not prevent an attack; they limit its impact.
  • Different ransomware families (e.g., WannaCry, Ryuk) employ varying encryption algorithms and attack vectors.
  • Incident response plans should follow the standard lifecycle: preparation, identification (detection and analysis), containment (including isolating affected hosts from the network), eradication, recovery from clean backups, and lessons learned.

🎯 How does Ransomware appear on the CC Exam?

You may be asked to identify the most effective mitigation technique to prevent ransomware from spreading laterally within a network after initial compromise.

A scenario might describe a company experiencing a ransomware attack; expect questions about prioritizing data restoration from backups versus paying the ransom.

Expect questions about analyzing email headers and attachments to identify potential ransomware delivery methods, such as malicious links or documents.

❓ Frequently Asked Questions

Is paying the ransom ever a good idea?

Generally, no. Paying does not guarantee a working decryptor, does nothing about data that was already exfiltrated, funds further criminal activity, and in some jurisdictions payment to a sanctioned group can itself be unlawful. Law enforcement discourages payment; focus on backups and incident response.


What role does endpoint detection and response (EDR) play in ransomware defense?

EDR solutions can detect behavior associated with ransomware, such as a single process rewriting many files with high-entropy (encrypted-looking) content, renaming files to an unusual extension, dropping ransom notes, or deleting volume shadow copies, and can automatically isolate the affected host from the network.
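The detection idea above (and the EDR bullet in the key concepts) can be shown concretely. The following is an added example written for this page, not code from any EDR product: a small stateful detector that consumes a stream of file-write events and raises an alert when one process produces a burst of high-entropy writes with a ransom-style extension or a ransom note across several directories. The event format, thresholds, extension list and the sample event stream are all constructed assumptions for illustration.

```python
import math
import re
from collections import defaultdict, deque

# Heuristic thresholds (assumptions for this example; tune per environment).
WINDOW_SECONDS = 10          # sliding window per process
MIN_WRITES = 8               # burst size that is suspicious on a workstation
HIGH_ENTROPY = 7.0           # bits/byte; plaintext documents sit well below this
RANSOM_EXT = re.compile(r"\.(locked|encrypted|crypt|enc)$", re.IGNORECASE)
RANSOM_NOTE = re.compile(r"(readme|how.?to.?decrypt|restore).*\.(txt|html)$", re.IGNORECASE)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 8.0 is the maximum (uniform random bytes)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


class RansomwareDetector:
    """Per-process detector over a stream of file-write events.

    Each event is a dict: {"ts": float, "pid": int, "proc": str, "path": str, "data": bytes}
    (a hypothetical feed shape, not a real product's schema).
    """

    def __init__(self):
        self.windows = defaultdict(deque)   # pid -> deque of (ts, path, entropy)
        self.alerts = []

    def feed(self, ev):
        win = self.windows[ev["pid"]]
        win.append((ev["ts"], ev["path"], shannon_entropy(ev["data"])))
        while win and ev["ts"] - win[0][0] > WINDOW_SECONDS:   # expire old events
            win.popleft()
        self._evaluate(ev["pid"], ev["proc"], win)

    def _evaluate(self, pid, proc, win):
        if len(win) < MIN_WRITES:
            return
        high_ent = sum(1 for _, _, e in win if e >= HIGH_ENTROPY)
        ransom_ext = sum(1 for _, p, _ in win if RANSOM_EXT.search(p))
        note = any(RANSOM_NOTE.search(p) for _, p, _ in win)
        distinct_dirs = len({p.rsplit("/", 1)[0] for _, p, _ in win})
        # Ransomware signature: a burst of high-entropy writes, with renamed extensions
        # or a note, spanning several directories. A backup or archiver also writes
        # high-entropy data, but into one place and without ransom extensions.
        if high_ent / len(win) >= 0.75 and (ransom_ext >= MIN_WRITES // 2 or note) and distinct_dirs >= 2:
            if not any(a["pid"] == pid for a in self.alerts):   # one alert per process
                self.alerts.append({"pid": pid, "proc": proc, "writes": len(win),
                                    "high_entropy": high_ent, "ransom_ext": ransom_ext,
                                    "action": "isolate host, terminate process"})


def build_sample_events():
    """Constructed sample stream (not real telemetry)."""
    rnd = bytes(range(256)) * 4                                    # entropy exactly 8.0, stands in for ciphertext
    text = b"Quarterly revenue figures and meeting notes. " * 20   # plaintext, roughly 4 bits/byte
    events = []
    for i in range(3):                                             # benign: word processor saving documents
        events.append({"ts": 1.0 + i, "pid": 100, "proc": "winword.exe",
                       "path": f"/home/alice/docs/report{i}.docx", "data": text})
    for i in range(10):                                            # benign: backup agent, many compressed chunks
        events.append({"ts": 5.0 + i * 0.2, "pid": 200, "proc": "backup-agent",
                       "path": f"/var/backups/nightly/chunk{i}.bak", "data": rnd})
    dirs = ["/home/alice/docs", "/home/alice/pictures", "/srv/share/finance"]
    for i in range(12):                                            # malicious: encrypted rewrites across shares
        events.append({"ts": 20.0 + i * 0.1, "pid": 666, "proc": "svchost_update.exe",
                       "path": f"{dirs[i % 3]}/file{i}.xlsx.locked", "data": rnd})
    events.append({"ts": 21.5, "pid": 666, "proc": "svchost_update.exe",
                   "path": "/home/alice/docs/README_HOW_TO_DECRYPT.txt", "data": text})
    return events


def run_sample():
    """Feed the constructed stream; returns the alerts raised (expected: one, for pid 666)."""
    det = RansomwareDetector()
    for ev in sorted(build_sample_events(), key=lambda e: e["ts"]):
        det.feed(ev)
    return det.alerts


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The backup agent writes ten high-entropy files in two seconds and is not flagged, because it touches a single directory and uses no ransom-style names; the encrypting process is flagged on its eighth write, well before it finishes. In practice the "action" would be an EDR host-isolation call rather than a string, and the thresholds would be calibrated against the environment's normal file activity.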


How important are offline backups in a ransomware scenario?

Offline backups are *critical*. Modern ransomware operators deliberately locate and encrypt or delete any backups reachable from the network before triggering encryption, so a copy that is disconnected (or immutable) and whose restore has actually been tested is the only recovery point you can rely on. It allows restoration without negotiating with attackers and without re-introducing the infection.
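The "verified" part of the advice deserves a worked illustration. Below is an added example, not code from the page's authors or any backup product: a hash manifest is produced when the backup is taken and stored with the offline copy; before restoring, the backup tree is checked against that manifest so that files the attacker encrypted, deleted or added on a reachable backup share are caught before they are restored. The directory layout, file contents and the simulated tampering are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Streamed SHA-256 of one file (works for files larger than memory)."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(backup_root: Path) -> dict:
    """Relative path -> sha256 for every file. Written at backup time and kept
    with the offline copy, never on the same share the backup lives on."""
    return {p.relative_to(backup_root).as_posix(): sha256_file(p)
            for p in sorted(backup_root.rglob("*")) if p.is_file()}


def verify_backup(backup_root: Path, manifest: dict) -> dict:
    """Compare the current backup tree against the stored manifest before trusting
    it for restore. Returns which files changed, vanished, or appeared."""
    current = build_manifest(backup_root)
    modified = sorted(p for p in manifest if p in current and current[p] != manifest[p])
    missing = sorted(p for p in manifest if p not in current)
    unexpected = sorted(p for p in current if p not in manifest)
    return {"ok": not (modified or missing or unexpected),
            "modified": modified, "missing": missing, "unexpected": unexpected}


def demo() -> dict:
    """Constructed scenario: take a backup, record its manifest, then simulate
    ransomware reaching the backup location before the restore is attempted."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "backup"
        (root / "finance").mkdir(parents=True)
        (root / "finance" / "ledger.csv").write_bytes(b"date,amount\n2024-01-01,100\n")
        (root / "notes.txt").write_bytes(b"plain notes\n")
        manifest = build_manifest(root)            # stored offline with the backup media
        clean = verify_backup(root, manifest)       # fresh backup verifies cleanly

        # Attacker with write access to the backup share: encrypt one file,
        # delete another, drop a ransom note.
        (root / "finance" / "ledger.csv").write_bytes(bytes(range(256)))
        (root / "notes.txt").unlink()
        (root / "README_DECRYPT.txt").write_bytes(b"pay us\n")
        tampered = verify_backup(root, manifest)
    return {"clean": clean, "tampered": tampered}


if __name__ == "__main__":
    print(demo())
```

The manifest only protects the restore if it is stored somewhere the attacker cannot rewrite it along with the backup, which is exactly what "offline" buys; an immutable object-storage bucket or write-once media serves the same purpose. A verified backup also means a restore has been rehearsed end to end, which this check does not replace.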


📝 Related Study Guides

Study Guide 8 min read

ISC2 CC Certification Guide: Your Free Entry into Cyber

The ISC2 Certified in Cybersecurity (CC) is a free, entry-level certification designed for beginners. It covers five core domains—Security Principles, BCP/DR, Access Control, Network Security, and Security Operations—via a 100-question exam. It's the ideal starting point for career changers to build a foundation without financial barriers.

Exam Tips 8 min read

ISC2 CC Exam Domains: What You Need to Know to Pass

The ISC2 CC exam consists of five domains: Security Principles; Business Continuity (BC), Disaster Recovery (DR), and Incident Response (IR) Concepts; Access Controls Concepts; Network Security; and Security Operations. To pass, you must master the CIA Triad and security governance, while prioritizing high-weight domains through targeted practice and domain-specific analytics.

Comparison 8 min read

CISSP vs CISM: Which Certification Should You Pursue in 2026?

Choose CISSP if you want broad technical security expertise across eight domains, including cryptography, network security, and software development. Choose CISM if you're focused on information security management, governance, and risk management from a leadership perspective. CISSP is ideal for hands-on security architects, while CISM is designed for security managers and directors.
