U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.


We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

This is an archive
(replace .gov by .rip)

Ransomware Protection and Response


Thanks for helping shape our ransomware guidance!

Our new resources on tips and tactics for preparing your organization for ransomware attacks are here! 


Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access.

NIST Ransomware Infographic

Here’s an example of how a ransomware attack can occur:

  1. A user is tricked into clicking on a malicious link that downloads a file from an external website.
  2. The user executes the file, not knowing that the file is ransomware.
  3. The ransomware takes advantage of vulnerabilities in the user’s computer and other computers to propagate throughout the organization.
  4. The ransomware simultaneously encrypts files on all the computers, then displays messages on their screens demanding payment in exchange for decrypting the files.

Ransomware disrupts or halts an organization’s operations and poses a dilemma for management: does the organization pay the ransom and hope that the attackers keep their word about restoring access, or does the organization not pay the ransom and restore operations themselves?

Fortunately, organizations can take steps to prepare for ransomware attacks. This includes protecting data and devices from ransomware and being ready to respond to any ransomware attacks that succeed. 

Here are NIST resources that can help you with ransomware protection and response.


My organization needs to...





Created May 04, 2021, Updated October 20, 2021