What is Ransomware?

You turn on your computer or laptop and receive a message saying all of your files and documents have been encrypted. At first, you may not understand what happened and may reboot the computer. However, you continue to read the letter that explains that the only way to release the data is by paying a ransom.

The price to release the data can range from a few hundred dollars to thousands. The message may also contain threats about leaking the data to the world. This message was created by ransomware, and someone is trying to extort money from you.

This type of malicious software has been around for a long time and is growing more rampant every year. The first sign of ransomware was found in Russia in 2005. A Trend Micro report in 2006 discussed an early strain of ransomware that targeted Windows computers.

This ransomware strain would explore the hard drive, find some particular files, lock the data into another password-protected file, and then delete the original files. The software then created a ransom note on the drive which told the user how to pay to get the data restored.

This strain was the first of many explored by Trend Micro. In 2011, they reported an SMS ransomware strain. This particular strain would show a ransomware page to the user saying that the files were encrypted also. The user had to pay the ransom by calling a premium SMS phone number.

Until 2012, ransomware was primarily contained in Russia. However, the creators of the ransomware quickly realized that a profitable business could be had if they expanded and executed it correctly. Bitcoin and other anonymous payment forms also helped to increased the use of ransomware.

You can continue reading to find out more about the history and development of ransomware. In this article, you will also learn about how to get rid of ransomware, how it works, and some tips about it. When you are finished reading, you will have a complete understanding of ransomware and be able to protect your computer or laptop.

What is ransomware?

As state above, ransomware is a form of malicious software that prevents you from accessing the data stored on your computer or mobile device. This encryption blocks access to all types of data, including files and documents stored on the device. It can also prevent you from running any kind of program on your device.

If you become a victim of ransomware, you will be told you must pay a ‘ransom’ to remove the blocks from the device. Once these blocks or encryption is removed, you will have complete access to your files, pictures, and documents again.

A person with the proper knowledge or experience can easily decrypt some of the simpler forms of ransomware being used today. The more advanced types of ransomware can make it almost impossible to access the encrypted files without getting the private key from the person who designed the ransomware.

A trojan type of application is used by the ransomware to attack your computer or mobile device. This application enters your system through a weak area (downloaded file or security vulnerability) in your network service by hiding in plain sight.

Most operating systems and networking businesses produce current updates for their programs to help protect against these types of trojan apps by fixing security flaws. However, these updates must be installed by the users, and many users failed to perform the current updates, which in turn leaves their machines and networks vulnerable to ransomware attacks.

When you have downloaded a ransomware program, some programs will run immediately while others will hide in your device. Once the program does run, it will lock the system and encrypt your data within a few seconds.

Besides asking for a ransom, some ransomware programs will make threats which appear to come from a law enforcement agency. These threats can be about illegal programs or files on your computer or mobile device.

Regardless of the type of ransomware, the designer has only one goal in mind, which is getting a free payday. They always want to extort a payment of varying amounts from the victim to restore the computer or mobile device. Typically, the amount requested is based on the individual.

Every ransom is substantial, but the criminal always ensures it is not financially crippling for the victim. In the United States, Tom’s Guide reports that in the United States, an individual is typically asked to pay between $300 and $700 to release the files and documents.

How does ransomware work?

Ransomware uses a variety of routes to access your computer. The most common method for delivery is phishing spam. This ransomware is an attachment to an email from a trusted source which is masquerading as a file that you think you can trust from this source.

You download and open this file because it appears to be from a trusted source, but then it takes over your computer or mobile device. If the ransomware is equipped with a built-in social engineering tool, it can also trick you into allowing administrative access to the file.

A wide array of more aggressive strains of ransomware will exploit the different security holes in your system to infect your computer without the need to use trickery to get inside the device. Once this ransomware has access to your device, it might do a variety of actions.

The most common action by this malware is to encrypt some or all of your files. You can find all of the technical details about the different flavors of ransomware encrypt data at Infosec Institute. However, the most vital piece of information to understand is that a mathematical key must be used to decrypt your files. The attacker is the only individual who has this information.

You will be presented with some type of message that explains your files are now inaccessible and you must send a Bitcoin payment to the attacker to get access to the various data. Some forms of ransomware include threats or warnings from law enforce.

In this form of ransomware, the attacker says he or she is a particular law enforcement agency. This person claims that your computer was locked due to the presence of pornography or pirated software. The payment is called a ‘fine,’ and once this fine has been paid, the law enforcement agency unlocks your device.

The attackers use this form of ransomware as a way to make victims less likely to report the ransomware to the proper authorities even if the victim is innocent of the accusations. However, this form of ransomware is rarely used because it requires this type of pretense.

Leakware or doxware is a variation of ransomware. In this variation, the attacker threatens to release your sensitive data found on your hard drive to the world unless you pay the ransom. However, it is hard to find and extract this type of information, so most attackers use the encryption ransomware.

How did ransomware develop?

The first ransomware was designed in the 1980s and was referred to as PC Cyborg or AIDS. The PC Cyborg ransomware would encrypt all files located in the C: directory after 90 reboots. This malware required the user to renew the license by paying $189 by sending payment in the mail to PC Cyborg Corp.

This first ransomware was simple to reverse, so most computer savvy individuals did not see it as a threat. Over the next ten years, a variety of variants of this ransomware were created. However, the first genuine threat by ransomware would not be developed until 2004.

In 2004, GpCode utilized a weak RSA encryption to block access to personal files until the ransom was paid. This ransomware was much more challenging to reverse.

In 2007, a new design for ransomware was created by WinLock. This ransomware did not encrypt the files but instead locked you out of your desktop.

WinLock created a program that would take over your screen and show you pornographic images. The attacker would demand payment to remove the photos from your screen. Without paying the ransom, it was difficult to remove the images. The fee typically was sent using a paid SMS.

Law enforcement ransomware was released in 2012 by the ransom family Reveton. You would be locked out of your desktop with an official-looking message that included credentials for the FBI or Interpol. This strain of ransomware would claim you committed a crime.

The crimes ranged from computer hacking to child pornography. This strain would require a payment from $100 to $3000 using a UKash or PaySafeCard pre-paid cards. The average user would not know what to think and would probably believe the FBI or Interpol were investigating them.

It seems strange that an innocent person would believe these claims. However, the implied guilt would make the average person question this innocence. Most people would not want to be called out on a crime they unintentionally committed, so would pay the ransom to make it go away.

The encryption strain of ransomware was reintroduced in 2013 by CryptoLocker. This new strain was far more dangerous than the previous strains. The ransomware was designed using military-grade encryption which the key on a remote server.

This design made it almost impossible to get your data back without paying money to the attacker. The current ransomware being utilized today is similar to this strain. It is an incredibly effective way for cybercriminals to make money.

Who does the ransomware target?

Most of the time, ransomware targets large organizations and not individuals. A ransomware attacker may choose from a variety of different ways to pick the perfect organization for an attack. However, sometimes, it is just a matter of opportunity.

An example of this opportunity is a university. Attackers may like universities because the college may have a smaller security team. The college may also have a diverse user base where there is a lot of file sharing. This file sharing makes it easier to penetrate the college’s cyber defenses.

Other attackers may focus on the organizations that are more likely to pay the ransom promptly. Medical facilities and government agencies need access to these encrypted files quickly and may pay the payment within a few hours or days.

Law offices and similar organizations with sensitive data are more likely to pay the ransom to prevent the data compromise from the public. These types of organizations also need access to their files immediately. They are also uniquely sensitive to leakware attacks because of the nature of the data.

Some individuals develop a false sense of security because they do not fit into one of these categories. However, you should never drop your guard. A wide array of ransomware strains spread automatically and indiscriminately around the internet targeting weak security areas.

What are some of the different types of ransomware?

Every year, a new strain of ransomware is introduced. It is a trendy way to attack a computer or other device and receive money. Ransomware comes in a variety of shapes and size, with some strains more dangerous or damaging than others.

The good news is that in the United States the reported attacks dropped from 2637 in 2016 to only 1783 in 2017. This number may make you feel a little safer, but it is vital to remember that ransomware is exceptionally active on the internet, so precaution should be used.

Even though a variety of strains of ransomware are on the internet, the one common denominator is the ransom. Every twist of ransomware will ask the victim to pay some form of payment to access his or her files.

Some of the most prevalent ransomware include scareware, screen lockers, encrypting, doxware, and RaaS, and they are invading the internet today.


Regardless of the name, scareware is the least scary ransomware on this list. This type of ransomware is fake software which will act like a cleaning tool or antivirus for your device. It typically involves rogue security software or tech support scams.

You will see a pop-up message that malware or other issues were discovered on your device. The pop-up claims the only way to remove this malware or other problem is by paying a ransom. Some types of scareware will also lock the device.

You may be bombarded with alerts or pop-up messages if the ransom is not paid. However, your files are, for the most part, safe. You should remember that legitimate programs for security do not solicit customers in this manner.

If you did not install the software on your device, the software company would not be monitoring your device for security issues. Cybersecurity software also does not require you to pay to have a virus or malware removed, because you had already paid the company for this service when you downloaded the program.


This ransomware is also called ‘ransomware as a service’ and is malware that is hosted anonymously by a professional hacker. This hacker will handle all of the steps involved with the ransomware. These steps include distributing the malware, receiving payment to unlock the ransomware, and manage the decryption. This hacker will do all of these steps for a percentage of the ransom.


Doxware is sometimes referred to as leakware. This type of ransomware threatens to expose your stole information by publishing it online if the ransom is not paid. If an individual keeps sensitive files, personal photos, or other incriminating data on his or her device, he or she may panic when receiving this message and pay the ransom immediately.

Screen lockers

This type of ransomware would be labeled terror alert orange when it comes to danger and damage. It completely locks you out of your PC or other devices. It also makes it impossible to get into any of your files, documents, or applications of the device.

When you turn on your computer, you will see a full-size window appear. This window is generally complemented by an FBI, Interpol, United States Department of Justice, or another official-looking seal. The screen details that you have performed illegal activities on the device.

It also states you must pay a fine to unlock the computer. You should realize immediately that this message is a form of ransomware because the FBI and other agencies would not lock you out of your device or ask for payment.

When these types of agencies suspect individuals of crimes, they use the appropriate legal channels to ensure they can prosecute the individual later.

Encrypting ransomware

This strain of ransomware is the most well-known and most dangerous. It can cause you a great deal of frustration and damage to your device. It is a genuinely nasty version of the malware. This type grabs all of your files and encrypts them and then wants payment to decrypt the data.

This ransomware is particularly dangerous because once the attacker gets the files, you cannot use security software or system restore to get them back. You must pay the ransom, or the data is gone forever. Sometimes, when you do pay the ransom, the attacker does not return the files.

One of the most famous examples of crypto malware was the 2017 WannaCry ransomware. This attack focused on hundreds of thousands of computers across the globe. Over time, this vicious malware spread to thousands of corporate networks around the world, causing havoc.

How do you get ransomware?

You can get ransomware in a variety of different avenues. The most popular avenue is through malicious spam. This spam is also called malspam, which is an unsolicited email. This email is used to deliver the malware to your device.

This email typically comes with an attachment. These attachments are booby-trapped with PDFs or Word documents containing the ransomware. Sometimes the email includes a link which when clicked sends you to a malicious website.

At first, you may think it is easy to avoid these attachments, but ransomware utilizes social engineering to trick you into clicking the link or opening the attachments. The ransomware emails look to be from a trusted business, institution, or friend, which makes you think they are legit.

Social engineering is used by a variety of cybercriminals for different ransomware attacks. They use this type of trickery to pose as FBI or Interpol agents. As an FBI or Interpol agent, the criminal hopes to scare you into paying the ransom to unlock your files.

Another channel for ransomware to get to your device is malvertising. This infection method was at its peak in 2016 and has slowly declined. With malvertising or malicious advertising, you do not have to interact with the online advertising to be infected.

If you are browsing the web on legitimate sites, this type of ransomware can send you to the criminal servers without you ever clicking on an advertisement. While on the illegal server, it is collecting and cataloging information about your computer and your location.

Once the server has this information, it will send the appropriate malware to your device. This malware is typically some form of ransomware. If you are infected by malvertising, it is because the criminal uses an infected iframe or invisible webpage element.

This invisible webpage element or iframe redirects your browsing to an exploit landing page. This landing page then sends a malicious code which attacks your system from the page using an exploit kit. If this happens to you, you will probably not even realize it has happened. Some experts call this process the drive-by-download.

How do you remove ransomware?

Once you have received the infected message from the criminal, you must pay close attention to the ransom message. The next step is to ask the advice of a security or IT specialist.

The expert will say the first step after you have been infected by ransomware is to regain control of your device. If you do not want to involve an expert, you will find a variety of videos are available to show you the proper steps to take. The most critical steps for Windows 10 operating system include:

• Rebooting the device into safe mode
• Purchase and install antimalware software
• Find the ransomware program by scanning the device’s hard drive
• Restoring the device to a previous state

These steps will help you to regain control of your device but may prove to be ineffective in decrypting your files. Your files have already been transformed into unreadable data. Most malware today is exceptionally sophisticated, which makes it almost mathematically impossible for anyone to decrypt the files without the key.

You must also consider the fact that by removing the malware, you removed the possibility of restoring the files by paying the ransom. However, you will find the number one rule when dealing with ransomware is never to pay the ransom.

The FBI created this rule because when you pay the ransom, it only encourages the cybercriminals to attack the next individual or to attach you again. Sometimes the decrypted files can be saved by using a free decryptor.

However, as stated above, not all strains of ransomware have decryptors. Also, it is essential to remember that even if a decryptor does exist, it does not make it the right version for your infected malware device.

Another step you can take to deal with an infection is to download a security product which is known for remediation. Once you have downloaded the product, you can run a scan to remove the threat. This step may not get your files back, but it will clean out the infection from your computer.

It is possible to stop an encrypting ransomware infection in action, but you have to be vigilant. If your system starts to slow down without any reason, you should shut it off immediately and disconnect the internet.

This process stops the active malware from sending or receiving instructions. Without these instructions, the ransomware may remain idle, which would allow you to purchase a security product and run a complete system scan.

What are some tips for avoiding a ransomware infection?

It can be challenging to stop ransomware attacks because it is an easy and profitable business for cybercriminals. The best way to protect your personal information and data is by preventing an infection. You can take a variety of steps to deter cybercriminals from attacking your devices.

The first step is to protect your data with a security software suite of programs. This suite should offer you more than just an antivirus feature. For example, Norton Security offers you protection while detecting unknown threats on your device. Do not forget to protect your mobile phone, also.

Once you have installed this security software, you must be sure to keep it up to date. Every month new variants of ransomware are being designed to attack your devices. Your internet security suite will continue to update to protect you from these cyber attacks.

You should also update your operating system and any other software on your device to be sure the security is current. These updates typically include patches or fixes for previously undiscovered security vulnerabilities within the operating systme. These vulnerabilities need to be fixed, or the attackers could exploit them.

One of the best ways to protect yourself against ransomware is to practice smart computing. You should think twice before opening emails or attachments from sources you do not recognize. You should never click a link in an email even if it is from a trusted source.

Another way to practice smart computing is to stay out of the dark corners of the web. This statement means to avoid free music and movies which are typical lures for people. You should also avoid installing any applications on your device unless you are absolutely positive of the source.

You can also view or double check the file extension for these types of files to be sure. Some extensions to avoid include ‘. app’, ‘exe.’ and ‘scr.’ Another idea is to restrict app downloads to your known sources such as Google Play or iTunes.

If you are practicing smart computing, it will decrease your risk of being attacked by ransomware. However, you should also back up all of your relevant data, including files and pictures to an external hard drive.

One of the ways a cybercriminal gains leverage is by encrypting your valuable files. They make these files inaccessible and then demand money to make them accessible. If you have made backup copies, the criminal loses the upper hand.

You are able to use these backup files to restore your data once you have cleaned the infection out of your device. You should store these files offline and adequately protect them so any potential cybercriminal cannot gain access to them.

You can also use a cloud service. This type of service can alleviate a ransomware attack because many cloud service providers will keep a previous version of a variety of files. These earlier versions enable you to roll back to an unencrypted version.

Many people will want just to pay the ransom to get their files returned. However, all experts agree that the ransom should never be paid. You may say that your data are worth the payment, but when you pay the ransom, there is not a guarantee that your data will be returned.

A cybercriminal could ask you to pay a second or even a third ransom before releasing the files. He or she could continue to extort money from you without ever releasing the data. These individuals make money off of preying on innocence people like you.

New variants of ransomware are popping up frequently, so you must be prepared to do whatever you need to do to minimize your risk. The above steps are an excellent way to help protect your device and data from these criminals.