Skip to content

Data encryption for impact (Ransomware)


ID: MS-T838
Tactic: Impact
MITRE technique: T1486

Attackers may encrypt data stored on storage services to disrupt the availability of systems or other lines of business. Making resources inaccessible by encrypting files or blobs and withholding access to a decryption key. This may be done to extract monetary compensation from a victim in exchange for decryption or a decryption key (ransomware).