Five things you need to know about ransomware

Published 2026-05-20 (updated 2026-05-21)

An essential history, overview, and outlook on the global threat of ransomware, with insight from Sherrod DeGrippo, General Manager of Global Threat Intelligence at Microsoft.

Cybercriminals held the files and data of thousands of organizations worldwide for ransom in the last year. And that’s just the incidents that have been confirmed—it likely reflects only a small share of the total number of organizations affected by ransomware attacks, in which hackers lock systems or data and demand payment to restore access. The threat is systemic: more than half of cyberattacks with known motives in the last year were motivated by extortion or ransom, according to the 2025 Microsoft Digital Defense Report (MDDR).

Ransomware attacks have increased almost fivefold in the last five years, according to Foreign Policy Analytics. Similarly, in 2024, Microsoft found a 275% year-over-year increase in ransomware attacks. Ransomware has long been a profitable model for cybercrime, and in recent years it has become not only more lucrative but also easier to scale and increasingly difficult to attribute and prosecute.

“Ransomware is the number one cyberthreat facing most organizations,” says Sherrod DeGrippo, General Manager of Global Threat Intelligence at Microsoft. DeGrippo explains that today, ransomware has become a societal issue on a global scale that has the potential to affect us all.

How did we get here, and what will happen next? Here are five things you need to know about ransomware today.

It started as a personal attack. Now it’s a societal threat.

Ransomware has been around for a long time—the first documented case involved malware distributed on floppy disks in 1989. However, it did not become widespread until around 2016, when cybercriminals were sending emails infected with malware such as Locky at a rate of about a million messages a day. If a recipient opened the email, the files on their computer would be encrypted and they’d get a note demanding payment of about $300 in Bitcoin to unlock them. But it was fairly easy for people to wipe their computer, reinstall files from a backup, and ignore the ransom demand.

Over time, cybercriminals hunting for a big payout began to look beyond individual users. They set their sights on entire organizations. By targeting cloud infrastructure, they could encrypt all of a company’s files at once, holding the entire organization hostage. Instead of just a few hundred dollars, they could demand millions.

Even so, not every organization chooses to pay. As a result, by the early 2020s, attackers were looking for bigger, more reliable profits by targeting sectors where organizations can’t afford to have their operations disrupted, like healthcare, education, transportation, and other critical services. One metric of their success: a 2024 Microsoft survey found that 53% of healthcare organizations hit by ransomware attacks chose to pay—with an average payment of $4.4 million.

The shift from targeting individuals to enterprise-level attacks that threaten not just company operations but everyday life and safety has made ransomware a pervasive threat. An attack on a hospital can delay urgent or critical care. Attacks on utilities can disrupt access to clean water or energy. Ransomware today affects us all, and addressing it has become a priority for governments and law enforcement worldwide.

Ransomware has become a robust—and resilient—industry.

As ransomware attacks started to bring in more money, attackers became more organized. Ransomware evolved into a professionalized industry with a range of providers who specialize in specific elements of an attack. Some create the malware, and some are initial access brokers who sell various ways to break into networks, such as remote access credentials and phishing kits. There are ransom negotiators and groups that run “leak sites” that house stolen files. “There’s an entire supply chain that provides the weaponry for ransomware attacks,” DeGrippo says.

Every part of that supply chain is more efficient now thanks to AI. The ability to create convincing forged documents, send automated phishing emails, and write ransom messages in any language enables ransomware groups to customize attacks on a significantly larger scale.

The industrialization of ransomware makes it much harder to stop attacks. One reason is that many people consider it just a normal job. Leaked internal chat messages from the Russia-based Conti ransomware group reveal that members see themselves simply as developers who are engineering software for their employer. “Many of them are seen as upstanding people in their community because they have a computer job,” DeGrippo says. “These threat actors that are ransoming hospitals and putting lives at risk—they do not see it as criminal. They do not see a moral aspect.”

This structure also makes it harder to identify and stop those responsible. When analysts discover a group that is active in the ecosystem, they have to determine whether it’s central to attacks or simply a peripheral part of the marketplace. But even when the most dangerous groups are identified, law enforcement rarely apprehends individual people. Microsoft’s Digital Crimes Unit most often disrupts cybercriminal operations by taking down their infrastructure, including domains, servers, and virtual machines, so they’re unable to operate. But since so much of that infrastructure can easily be bought and sold, the individuals just form new groups and start over.

For that reason, governments and law enforcement have moved from reacting to individual attacks to focusing on disrupting the conditions that allow this market to thrive. Part of that is strengthening baseline cybersecurity across critical sectors. But ransomware groups also exploit legal gaps between jurisdictions, so cross-border cooperation is an important factor as well.

Coordinated law enforcement and public-private partnerships are much more effective in disrupting the ecosystem than any of these efforts would be on their own. Microsoft works with law enforcement as well as governments and policymakers on actions that raise costs for ransomware actors, slow their operations, and break up the different groups involved across the supply chain. Governments can build on that momentum by prioritizing information sharing, joint investigations, and deeper collaboration with industry.

There’s more than one way to ransom.

The classic extortion model still works: attackers lock an organization’s files and demand a fee to decrypt them. But today, groups also steal, or exfiltrate, data and threaten to publish or sell it if the ransom isn’t paid.

In recent years, attackers have combined these tactics. They exfiltrate the data first, then encrypt it, so they can pressure a company to pay both to get its data back and to keep it from being sold on the dark web. To increase the pressure, they’ll also go through the stolen data to find the most sensitive or damaging information—for example, psychological profiles—and threaten to publicly release that specific information. “We call it multi-extortion,” DeGrippo says. “If you’re able to think diabolically enough, you can keep adding these multipliers and sweeteners to get more money.”

Ransomware actors are changing, and so are their tactics and motivations.

Historically, most ransomware actors have operated out of countries, often in Eastern Europe, where they’re not prosecuted as long as they target victims abroad, so they’re able to operate with impunity. Addressing ransomware activity in these “safe havens” requires sustained use of diplomatic and economic levers to increase pressure and make it harder for these actors to function with impunity. This can help shift the economics of ransomware, making it a less attractive and less sustainable model over time.

Recently, however, there has been a rise in Western ransomware groups that brings a new set of challenges. Many are made up of young men operating out of a digital hub known as “The Com.” Unlike earlier groups, they are not always driven solely by profit. Some are also motivated by causing disruption and manipulation—and digital attacks often involve physical threats and violence. “They’ll get a local person to throw a brick through a window at their target’s house,” DeGrippo says, “and then they’ll send a text message and say, ‘I just threw a brick through your window. Are you gonna give me the password or not?’”

For most organizations, it’s not if they’ll face a ransomware threat, but when.

DeGrippo advises all companies to assume their networks will one day be breached by a cybercriminal seeking a ransom. “You need a plan, and you need to run that plan in a mock scenario where it feels very real,” she says.

An enterprise can’t wait for a ransom note to arrive to decide whether or not it will pay. The strategy must be defined well in advance, in collaboration with legal and financial departments. Importantly, organizations need to figure out how to remain operational, with minimal disruption, in the event of a ransom. That means knowing which systems can go offline in an attack and which must stay connected, and having reliable, verified file backups stored offline where they’re safe from encryption. The entire response plan must be accessible and actionable outside of the company’s network. “We have seen threat actors join the conference call where the incident about them is being discussed,” DeGrippo says. “You have to be able to get out of your network when you know there’s a threat actor in there.”

Speed is of the essence in these situations. Dwell time, or the time a ransomware actor is in a company’s network, has dropped from weeks to days to hours. “Dwell time is critical because that’s how much time you have to detect the ransomware actor in your environment before they inflict damage,” DeGrippo says. An organization needs to figure out that the actor is there before they steal and encrypt files. The ransomware actor wants to encrypt as quickly as possible, but they have to exfiltrate the files first, “so that they have that ready to go if they want to do a next-level extortion,” DeGrippo says. “It’s a race against time on both sides.”

The good news is that cybersecurity fundamentals provide solid ransomware defense. Implementing strong passwords and multi-factor authentication, training employees to recognize phishing and social engineering attempts, patching and updating aging software, and maintaining secure file storage and access management systems all improve resilience to ransomware. “Throughout history, we’ve seen the same pattern among criminals: they’ll look to do the bare minimum to be successful,” DeGrippo says. Security fundamentals are often enough to make a ransomware actor move on to an easier target. To learn more, read the MDDR’s top 10 cybersecurity recommendations for enterprises and watch Lisa Monaco in the Digital Front Lines Report.