---
id: "prereq-ransomware-mechanics"
type: "prereq"
source_timestamps: ["¶11"]
tags: ["threat-literacy"]
related: ["claim-backups-defeat-ransomware", "concept-data-architecture-for-security"]
reason: "Necessary to understand the strategic value of data backups in modern cybersecurity."
sources: ["governance"]
sourceVaultSlug: "hbr-seg-governance"
originDay: 7
articleStem: "hbr-sig-57-smb-cyber-risk"
sourceUrl: "https://hbr.org/2026/06/ai-is-changing-cyber-risk-heres-how-smbs-can-respond"
sourceTitle: "AI Is Changing Cyber Risk. Here’s How SMBs Can Respond."
---
# Mechanics of Ransomware

**Assumed knowledge:** the reader knows how ransomware works — encrypting data and demanding payment for the decryption key — in order to understand why secure/offline backups negate the hacker's leverage.

**Why it's needed:** necessary to grasp the strategic value of backups ([[claim-backups-defeat-ransomware]]) within [[concept-data-architecture-for-security]] and the action [[action-architect-data]].

> [!note] Modern extension
> Contemporary ransomware also *exfiltrates* data and threatens to leak it (double/triple extortion). A reader who understands only the encryption model will underestimate why backups alone are insufficient — see the enrichment caveat on [[claim-backups-defeat-ransomware]].
