IronSights

Ransomware

Malicious software that encrypts a victim's files or systems and demands a ransom payment — typically in cryptocurrency — in exchange for the decryption key.

Also known as: ransomware attack, crypto-ransomware

In plain English

Ransomware locks you out of your own data and demands payment to restore access. Modern ransomware gangs also steal data before encrypting it, threatening to publish it publicly if the ransom isn't paid — a tactic known as double extortion. Australian businesses lose millions each year to ransomware, and paying the ransom doesn't guarantee file recovery.

Full definition

Modern ransomware operations are typically run as Ransomware-as-a-Service (RaaS), where criminal groups develop and maintain the ransomware platform and recruit affiliates to carry out attacks. Affiliates keep 70–80% of ransom payments; the core group retains the rest.

Common entry points include emails, exposed Remote Desktop Protocol (RDP) ports, unpatched vulnerabilities, and compromised credentials. Once inside, attackers spend days or weeks moving through the network and exfiltrating data before detonating the ransomware — maximising their leverage.

The Regular Backups control — specifically, offline or immutable backups that cannot be encrypted by ransomware — is the primary recovery mechanism. IronSights services can contain and eradicate a ransomware infection and guide recovery from verified clean backups.
