
This glossary is from Learning Ransomware Response & Recovery by W. Curtis Preston and Dr. Mike Saylor.
RaaS (Ransomware-as-a-Service) – Business model where ransomware developers rent their malware to affiliates, lowering barriers to entry for cybercriminals.
RACI – Responsibility matrix defining who is Responsible, Accountable, Consulted, and Informed for incident response tasks.
RACI Matrix – Tool defining roles as Responsible, Accountable, Consulted, or Informed for each task or decision.
Radare2 – Free reverse engineering tool for analyzing malware, though less user-friendly than Ghidra.
RAID (Redundant Array of Independent Disks) – Storage technology that combines multiple disks for redundancy and performance.
Ransom Note – Message from attackers demanding payment, typically containing Bitcoin wallet addresses and .onion links.
Ransom Payment/Negotiation – The process of communicating with attackers and potentially paying ransom to obtain decryption keys.
Ransomware – Malicious software that encrypts data or locks systems, demanding ransom payment for restoration.
Ransomware-as-a-Service (RaaS) – Business model where ransomware developers rent their malware to other criminals for a share of profits.
RDP (Remote Desktop Protocol) – Microsoft protocol allowing remote control of Windows computers, often exploited in ransomware attacks.
Recorded Future – Threat intelligence platform providing real-time information on emerging threats and adversary activities.
Reconnaissance – The information-gathering phase where attackers learn about target systems, vulnerabilities, and network architecture.
Recovery – The holistic process of restoring operations including system rebuilds, data restoration, testing, and validation.
Recovery Group – A set of interdependent systems that must be restored together to provide application functionality.
Recovery Groups – Sets of interdependent systems (databases, application servers, web servers) restored and tested together as a unit.
Recovery Metrics – Measurements of how quickly and completely data and systems can be restored after incidents.
Recovery Point Actual (RPA) – The actual amount of data loss that occurs during a recovery, measured in time.
Recovery Point Objective (RPO) – The maximum acceptable amount of data loss, measured in time (e.g., 24 hours of data).
Recovery Sandbox – An isolated environment for safely restoring and verifying systems before releasing them to production.
Recovery Time Actual (RTA) – The actual time required to restore systems to operation during an incident.
Recovery Time Objective (RTO) – The target time for restoring systems to operation after an incident.
Recuva – Free file recovery tool that can restore some encrypted or deleted files.
Red Team – Group that simulates real-world attacks against an organization to test defenses and response capabilities.
Region (Cloud) – Geographic area containing multiple physically separated data centers (availability zones), typically hundreds or thousands of miles apart.
Registry Keys – Windows system configuration entries where malware can install persistence mechanisms.
Re-imaging – Rebuilding a system using a pre-configured golden image of a clean operating system and applications.
Remediation – The process of fixing vulnerabilities, removing malware, and addressing security gaps identified during incidents.
Remote Desktop Protocol (RDP) – Microsoft protocol allowing remote control of Windows computers, often exploited in ransomware attacks.
Remote Monitoring and Management (RMM) – Tools allowing IT administrators to remotely monitor, maintain, and troubleshoot systems.
Replication (Synchronous and Asynchronous) – Continuously copying data between systems; synchronous replication waits for the remote copy to confirm each write before completing it, while asynchronous replication completes the write locally and sends the copy afterward.
Request for Proposal (RFP) – Formal document soliciting proposals from vendors for products or services.
Restore – The technical act of copying data from a backup to a target system.
Retention – The period that backup data is kept before deletion, typically based on legal, regulatory, or business requirements.
Reverse Engineering – Process of analyzing malware executables to understand functionality, encryption methods, and command-and-control infrastructure.
Role-Based Access Control (RBAC) – Access control method that assigns permissions based on job roles rather than individuals.
Root Cause Analysis – Systematic process of identifying the fundamental reason an incident occurred, not just its symptoms.
Ryuk – Ransomware variant known for targeting healthcare and education sectors with .ryk file extensions.