Ransomware


Definition

A type of malware that encrypts a victim's files or locks their system and demands a ransom (usually in cryptocurrency) for the decryption key. Modern ransomware often combines encryption with data theft for double extortion.

The Attack Lifecycle

Ransomware follows a predictable kill chain. Initial access typically comes via phishing emails, exposed SSH services with weak credentials, or unpatched vulnerabilities. Once inside, the malware spreads laterally, identifies valuable data, and exfiltrates a copy before encrypting files, giving attackers double leverage: pay to decrypt, pay again to prevent publication.

Network-Level Indicators

Security teams hunt ransomware using network telemetry. Key signals include unusual SMB traffic (lateral movement), large outbound transfers to unfamiliar IPs, DNS queries to newly registered domains, and communication with command-and-control infrastructure over non-standard TCP ports. A honeypot share seeded with fake sensitive files can trigger early alerts the moment ransomware begins scanning.

Defense in Depth

No single control stops ransomware. Effective defense layers include:

An IP Blacklist Check can verify whether known ransomware C2 IP ranges are already blocked at your perimeter.
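The indicators listed under Network-Level Indicators above, together with the perimeter block check mentioned here, as an added Python example that is not part of the original page: it runs simple hunting rules (SMB fan-out, bulk upload to an unfamiliar external IP, external contact on a non-standard port, lookups of newly registered domains) over constructed flow and DNS records, then checks whether a C2 address falls inside a blocked CIDR. The internal range, thresholds, TEST-NET addresses, domain names and the registration-date lookup are all assumptions made for the example.

```python
"""Toy detectors for the ransomware network indicators described above.
All telemetry below is constructed sample data, not real captures; thresholds
and the registration-date lookup are assumptions chosen for this example."""
from collections import defaultdict
from datetime import date
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed corporate range
COMMON_PORTS = {22, 25, 53, 80, 123, 443}       # ports where outbound traffic is expected
SMB_FANOUT_HOSTS = 3                            # distinct SMB peers before we call it lateral movement
LARGE_TRANSFER_BYTES = 500_000_000              # 500 MB to one unfamiliar external IP
NRD_AGE_DAYS = 30                               # "newly registered" threshold
TODAY = date(2024, 6, 1)                        # fixed clock so the example is deterministic

# Constructed flow records: (src, dst, dst_port, bytes_out). TEST-NET addresses stand in for the Internet.
FLOWS = [
    ("10.0.0.5", "10.0.0.10", 445, 2_000),           # one host touching four SMB peers...
    ("10.0.0.5", "10.0.0.11", 445, 2_100),
    ("10.0.0.5", "10.0.0.12", 445, 1_900),
    ("10.0.0.5", "10.0.0.13", 445, 2_050),
    ("10.0.0.7", "10.0.0.20", 445, 8_000),           # ...versus a normal single file-server session
    ("10.0.0.5", "203.0.113.9", 443, 300_000_000),   # bulk upload to an IP nobody has seen before
    ("10.0.0.5", "203.0.113.9", 443, 300_000_000),
    ("10.0.0.5", "203.0.113.9", 8443, 1_000),        # same IP, non-standard port: C2 check-in
    ("10.0.0.8", "198.51.100.4", 443, 700_000_000),  # big upload, but to the known backup provider
]
KNOWN_EXTERNAL = {"198.51.100.4"}  # allow-listed destinations (backup/SaaS), assumed

# Constructed DNS log and a stand-in for a WHOIS/registration-date feed.
DNS_LOG = [
    {"src": "10.0.0.5", "qname": "update-cdn-example.test"},
    {"src": "10.0.0.6", "qname": "example.com"},
    {"src": "10.0.0.6", "qname": "no-record.test"},
]
REGISTRATION_DATES = {
    "update-cdn-example.test": date(2024, 5, 20),  # registered 12 days before TODAY
    "example.com": date(1995, 8, 14),
}
BLOCKED_CIDRS = ["203.0.113.0/24"]  # perimeter deny list, assumed


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL


def smb_fanout(flows, threshold=SMB_FANOUT_HOSTS):
    """Sources that reached >= threshold distinct internal hosts on TCP 445 (lateral movement)."""
    peers = defaultdict(set)
    for src, dst, dport, _ in flows:
        if dport == 445 and is_internal(dst):
            peers[src].add(dst)
    return sorted(src for src, hosts in peers.items() if len(hosts) >= threshold)


def large_outbound(flows, known_external=KNOWN_EXTERNAL, threshold=LARGE_TRANSFER_BYTES):
    """(src, dst) pairs whose cumulative bytes to an unfamiliar external IP reach threshold."""
    totals = defaultdict(int)
    for src, dst, _, nbytes in flows:
        if not is_internal(dst) and dst not in known_external:
            totals[(src, dst)] += nbytes
    return sorted(pair for pair, total in totals.items() if total >= threshold)


def nonstandard_port_c2(flows, common_ports=COMMON_PORTS):
    """External (dst, port) endpoints contacted on ports where outbound traffic is not expected."""
    return sorted({(dst, dport) for _, dst, dport, _ in flows
                   if not is_internal(dst) and dport not in common_ports})


def newly_registered_queries(dns_log, registration_dates=REGISTRATION_DATES,
                             today=TODAY, max_age=NRD_AGE_DAYS):
    """Queries for domains registered fewer than max_age days ago; domains with no record are skipped."""
    hits = []
    for entry in dns_log:
        registered = registration_dates.get(entry["qname"])
        if registered is not None and (today - registered).days < max_age:
            hits.append((entry["src"], entry["qname"]))
    return hits


def is_blocked(ip, blocked_cidrs=BLOCKED_CIDRS):
    """Perimeter check: True if the address falls inside any blocked CIDR range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(cidr) for cidr in blocked_cidrs)


if __name__ == "__main__":
    print("SMB fan-out sources:", smb_fanout(FLOWS))
    print("Large unfamiliar uploads:", large_outbound(FLOWS))
    print("Non-standard-port external contacts:", nonstandard_port_c2(FLOWS))
    print("Newly-registered-domain lookups:", newly_registered_queries(DNS_LOG))
    for ip in ("203.0.113.9", "198.51.100.4"):
        print(ip, "blocked at perimeter:", is_blocked(ip))
```

Each rule is deliberately narrow and noisy on its own (a backup job also uploads hundreds of megabytes, an admin also touches many shares); the value comes from correlating them per source host, as the sample does for 10.0.0.5, which trips the SMB fan-out, bulk-upload, non-standard-port and newly-registered-domain rules at once. The allow list and the registration-date lookup are where real deployments would plug in an asset inventory and a WHOIS or passive-DNS feed.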
