What Is Ransomware?

Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system in a way that is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem, and difficult-to-trace digital currencies such as Ukash and Bitcoin are used for the ransoms, making it hard to trace and prosecute the perpetrators.

Users may encounter this threat through a variety of means. Ransomware can be downloaded onto systems when unwitting users visit malicious or compromised websites. It can also arrive as a payload either dropped or downloaded by other malware. Some ransomware is known to be delivered as attachments from spammed email, downloaded from malicious pages through malvertisements, or dropped by exploit kits onto vulnerable systems.
Once executed in the system, ransomware can either lock the computer screen or, in the case of crypto-ransomware, encrypt predetermined files. In the first scenario, a full-screen image or notification is displayed on the infected system's screen, which prevents victims from using their system. This screen also shows instructions on how users can pay the ransom. The second type of ransomware prevents access to potentially critical or valuable files like documents and spreadsheets.


Different Types Of Ransomware


WannaCry is the most recent (last May) and the largest ransomware attack to date. It infected more than 100,000 computers by taking advantage of an unpatched Microsoft Windows vulnerability.

CRYPTO Ransomware

Crypto ransomware is as simple as weaponizing strong encryption against victims to deny them access to their files. Once the ransomware infiltrates the victim's device, the malware silently identifies and encrypts valuable files. Only after access to the target files has been successfully restricted does the ransomware ask the user for a fee to access their files. Without the decryption key held by the attackers, or in some cases, a vendor decryption solution, the user loses access to the encrypted files. Crypto ransomware often includes a time limit. Some variants of crypto-ransomware even provide users with a site to purchase Bitcoins and articles explaining the currency.
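A defender-side illustration of the point above, added here and not part of the original article: because strong encryption produces output that looks like random bytes, a file-triage script can flag content with near-maximal byte entropy that lacks the header of a known compressed format. The threshold, the header list, the function names and the sample files are assumptions constructed for this example.

```python
import gzip
import hashlib
import math
from collections import Counter

# Headers of common formats that are legitimately high-entropy (compressed).
KNOWN_MAGIC = (b"PK\x03\x04", b"\x1f\x8b", b"\xff\xd8\xff", b"\x89PNG")
ENTROPY_THRESHOLD = 7.5   # assumed cut-off, bits per byte (maximum is 8.0)
MIN_SIZE = 1024           # below this the entropy estimate is unreliable


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    """Heuristic only: random-looking content with no known compressed header."""
    if len(data) < MIN_SIZE or data.startswith(KNOWN_MAGIC):
        return False
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def triage(files: dict) -> list:
    """Return the names of files whose content should be reviewed."""
    return sorted(name for name, data in files.items() if looks_encrypted(data))


def constructed_samples() -> dict:
    """Constructed inputs; the hash stream stands in for ciphertext."""
    stream = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                      for i in range(256))       # 8192 random-looking bytes
    text = b"Quarterly report: revenue, costs and forecast.\n" * 200
    return {
        "report.txt": text,                   # plain text, low entropy
        "backup.gz": gzip.compress(stream),   # high entropy, known header
        "budget.xlsx.locked": stream,         # high entropy, no known header
        "tiny.bin": stream[:100],             # too small to judge
    }


if __name__ == "__main__":
    print(triage(constructed_samples()))
```

A hit is a reason to look closer, not proof of encryption: many legitimate formats are high-entropy, and a burst of such files appearing in a short window is a stronger signal than any single file.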

LOCKER Ransomware

This is also known as a computer locker. This ransomware doesn't encrypt the victim's files; instead, it denies access to the device. It locks the device's user interface and then demands a ransom from the victim. It leaves the victim with very few capabilities, such as communicating with the attacker and paying the ransom.


Locky was first seen arriving as a macro in a Word document, and was then spotted being spread via Adobe Flash and Windows Kernel Exploits. Locky ransomware is known for deleting shadow copies of files to make local backups useless.

Cryptowall – Its latest version is known for also encrypting the names of the encrypted files, making it harder for the victim to know what has been encrypted. It is spread in many ways, such as attachments in phishing emails from financial institutions. The ransom demanded is usually $700, doubling after about a week to $1400.



Cerber is the world’s biggest ransomware-as-a-service scheme. It is a franchise scheme, with its developer recruiting affiliates who spread the malware for a cut of the profits. Cerber was used in an attack that potentially exposed millions of Microsoft Office 365 users to the infection.


This form of ransomware can encrypt files on fixed, removable, and network drives and it uses strong encryption algorithms and a scheme that makes it difficult to crack within a reasonable amount of time.


Ransomware has been around in some form or another for the past two decades, but it really came to prominence in 2013 with CryptoLocker. The original CryptoLocker botnet was shut down in May 2014, but not before the hackers behind it extorted nearly $3 million from victims. Since then, hackers have widely copied the CryptoLocker approach, although the variants in operation today are not directly linked to the original. The word CryptoLocker, much like Xerox and Kleenex in their respective worlds, has become almost synonymous with ransomware.


Initial reports categorized NotPetya as a variant of Petya, a strain of ransomware first seen in 2016. However, researchers now believe NotPetya is instead malware known as a wiper, with the sole purpose of destroying data instead of obtaining a ransom.



TeslaCrypt is another new type of ransomware on the scene. Like most of the other examples here, it uses an AES algorithm to encrypt files. It's typically distributed via the Angler exploit kit specifically attacking Adobe vulnerabilities. Once a vulnerability is exploited, TeslaCrypt installs itself in the Microsoft temp folder.


TorrentLocker is typically distributed through spam email campaigns and is geographically targeted with email messages delivered to specific regions. TorrentLocker is often referred to as CryptoLocker, and it uses an AES algorithm to encrypt file types. In addition to encoding files, it also collects email addresses from the victim’s address book to spread malware beyond the initially infected computer—this is unique to TorrentLocker.



ZCryptor is a self-propagating malware strain that exhibits worm-like behavior, encrypting files and also infecting external drives and flash drives so it can be distributed to other computers.