Ransomware is a type of malicious software (malware) that encrypts a victim's data, making it inaccessible until a ransom is paid, typically in cryptocurrency like Bitcoin. The attackers provide a decryption key only after the ransom is paid, but there is no guarantee that they won't install additional malware or steal data for further extortion.

Organizations may opt to pay ransoms because it can be more cost-effective than the lengthy and complex process of manually recovering data. For instance, the City of Baltimore faced recovery costs of approximately $18 million after a ransomware attack, while smaller cities paid a combined $1 million in Bitcoin to regain access to their data.

To prevent ransomware attacks, organizations should adopt a comprehensive security architecture that spans from the network edge to data centers and endpoint devices. This includes implementing security best practices, regularly updating systems, and training employees to recognize phishing attempts and other attack vectors.