What is Ransomware?

Duane Wilson
Jul 22, 2021

Ransomware is a form of malware, malicious software that infects your computer. Ransomware encrypts critical files on your computer, preventing you from accessing certain information or even from using your computer at all.

Once the ransomware has encrypted your computer, it will display a message instructing you to make a payment in order to get the encryption key to decrypt your files. This can cost you anywhere from a few hundred dollars to many thousands.

Ransomware is a criminal enterprise, designed to make money for the cybercriminal who deployed it. Unfortunately, it’s very effective at what it does.

The total cost of ransomware demands in the U.S. is expected to reach $1.4 billion by 2020, according to a report by Emsisoft, and as high as $20 billion globally.

Around 69 percent of companies in North America have been subject to a ransomware attack, as have around 57 percent in Europe. Governments and manufacturing enterprises are the most common targets for ransomware.

Medical facilities are being increasingly targeted because they need access to their computer systems to treat patients and are therefore more likely to pay the ransom.

However, individual users are just as likely to be targeted by a ransomware attack as large businesses.

How Does Ransomware Work?

Ransomware, like all malware, first needs to infect your computer. The most common vector for a malware infection is an email phishing scam.

Victims might receive an official-seeming email from a trusted source, like a utility provider, bank, or government agency, with a harmless-looking attachment.

When the attachment is accessed, the ransomware program is downloaded onto your computer and installs itself.

Many ransomware programs will include social engineering tools to convince the user to give the program administrative access. The malware might appear to be an update for a trusted program like Adobe Acrobat or iTunes in order to encourage users to grant it administrative privileges.

Once the malware is installed, it encrypts certain files. The specific files encrypted depend on the type of ransomware and can run from just the user’s personal files to the computer’s boot file, stopping the computer from being used at all.

The files, once encrypted, require a decryption key to access, and the victim is prompted to make a payment, usually in a cryptocurrency, to get the key.

Because of the wide availability of effective encryption software, it is very difficult, if not impossible, to access the files without the decryption key.

Ransomware Variants

There are two primary variants of ransomware: scareware and doxware.

Scareware

Scareware doesn’t actually encrypt your computer. Instead, it attempts to extort payment from you by claiming to be from a law enforcement agency.

The message will generally state that your computer has been locked by an agency like the FBI because of the use of pirated software or the user trying to access pornography. It will then direct the victim to pay a ‘fine’ in a cryptocurrency to unlock the computer.

Doxware

Doxware is a variant of ransomware in which the attacker threatens to release private data onto a public forum, like social media, unless a ransom is paid. It can also sometimes be called leakware.

Doxware is the least common form of ransomware because it requires the attacker to positively identify files that are sensitive enough to be ransomed against their release.

A lot of the time, it is simply more efficient for the attacker to lock access to all the files and demand the ransom for access.

How Do I Protect Myself Against Ransomware?

While ransomware is a significant and escalating threat, there are some steps you can take to protect yourself against it.

  • Always keep your operating system up to date and fully patched. Many variants of malware exploit vulnerabilities in unpatched systems. Keeping your computer fully updated keeps those vulnerabilities to a minimum.
  • Never install any software that you don’t recognize or whose installation you didn’t initiate, even if it seems to be from a trusted source. Do not give administrative access to software unless you know exactly why it needs it and what it is doing.
  • Install antivirus or anti-malware software and keep it up to date. Most mature anti-malware programs are constantly being updated with the latest ransomware definitions and can stop malware before it takes root in your computer.
  • Always back up your files. If your computer is infected by ransomware and you are able to remove it, it will already have encrypted your files. This will often mean those files are irretrievable. Having all your data safely backed up means you simply download your files again after removing the malware.
