Ransomware isn't new. The security frameworks to defend against the chains of attack leading to compromise aren’t new either. To understand how best to defend against ransomware, we must understand ransomware itself: the economics, the motivation, the tactics, techniques and procedures (TTPs) as well as the changing landscape of the past 18 months - in a social and technical sense. What is ransomware and how does it work? Let’s start with the basics, what is ransomware? As the name suggests, ransomware is malware designed to block access to a system until a ransom is paid. Traditionally, ransomware has had a very simple business model. Compromise a system, encrypt that system and then sell access back to the owner by way of a decryption key for untraceable crypto currency. Ransomware crews operate much like a typical business. They have staff, a team structure, a product, and they invest time and effort.