What is ransomware and what are common mitigation strategies?

Get ready for the Cybersecurity and Digital Forensics Test with comprehensive multiple choice questions, flashcards, and detailed explanations. Enhance your skills and prepare for success in the digital security field!

Multiple Choice

What is ransomware and what are common mitigation strategies?

Explanation:
Ransomware is a type of malware that encrypts the victim’s data and demands payment to restore access. A strong set of mitigations centers on data resilience and quick recovery: maintain backups and offline copies so you can restore without paying, ensure backups are protected from tampering, and regularly test restore ability. Keep systems up to date with patching to close vulnerabilities attackers exploit to deploy ransomware. Educate users through training to reduce phishing and other social-engineering techniques that deliver the malware. Apply the principle of least privilege so ransomware cannot easily encrypt every file or spread across the network, and use endpoint detection and response to identify, contain, and remediate suspicious activity quickly. The other options describe tools that don’t address ransomware’s behavior—monitoring network traffic, uninstalling apps automatically, or password recovery tools—so they don’t capture the core idea of what ransomware is and how to mitigate it.
