Malware that attempts to extort money from a user or organisation by taking control of the victim’s machine, files or documents. Ransomware, such as Wannacry, Petya or Locky, and their variants can propagate from just one infected system and infect a whole network. In most cases, ransomware uses 256-bit AES to encrypt files. Without the decryption key, the victim’s data becomes inaccessible. The attacker will normally request a ransom payment via an untraceable channel, such as Bitcoin. However, even if the ransom is paid, there is still a great degree of uncertainty as to whether the files will be decrypted. The most common attack vectors for ransomware are email attachments and links to file sharing sites, such as Dropbox or Google Drive. Drive-by-downloads are also used as a conduit, where social engineering techniques are used to persuade the user to open the infected file. High profile victims of ransomware have included the UK’s National Health Service, Telefonica, the Spanish telecoms company, and the courier company FedEx. However, everyday smaller organisations also become victims to ransomware, which never gets reported.