Double-Extortion

Ransomware is a type of malicious software that encrypts data or threatens publication to extort payment from victims. This SECMONS glossary entry explains how ransomware operates, common attack stages, and why modern ransomware campaigns combine encryption with data exfiltration.

LockBit is a ransomware-as-a-service (RaaS) ecosystem responsible for widespread double-extortion campaigns targeting enterprise, government, and critical infrastructure organizations. This profile provides structured analysis of LockBit’s operational model, techniques, and defensive implications.

LockBit is a major ransomware operation known for double extortion tactics, large-scale enterprise attacks, and an affiliate-driven ransomware-as-a-service model.

Double extortion is a ransomware tactic where attackers steal sensitive data before encrypting systems and threaten to publish the information if the ransom is not paid.

Ryuk is a targeted ransomware strain publicly associated with high-impact enterprise intrusions, often deployed following credential theft and lateral movement. This SECMONS profile provides structured analysis of Ryuk’s operational patterns, ecosystem relationships, and defensive implications.