Glossary

Ransomware


Ransomware is malware that encrypts files on the infected system and then demands a ransom for the decryption key. Modern variants additionally practise double extortion: data is exfiltrated before encryption and the attacker threatens to publish it. Common infection vectors are phishing emails, compromised websites, and vulnerable remote-access services. Effective protection combines regular offline backups, network segmentation, Endpoint Detection and Response (EDR), and trained staff. In your ISMS you should treat ransomware as a dedicated risk scenario and periodically verify that the required recovery time objective (RTO) can actually be met.