Ransomware is a type of malicious software most commonly designed to encrypt your computers files so you can no longer access them until a ransom payment is made. Once the ransomware attack launches it will begin to encrypt all files and folders on the local system, but often can also take over attached drives, other computers on the network and potentially backup drives too.
After the encryption is successful, generally a splash screen page will appear on your desktop or a ransom note will be posted on how to get your files back demanding payment in the form of Bitcoin. Bitcoin is a type of crypto currency and digital payment system in which encryption techniques are used to generate units of currency and verify the transfer of funds.
Below is an example of the WannaCry Ransomware splash screen and note:
The ransom note will typically have instructions how to purchase Bitcoin and how to send them to the hacker’s personal Bitcoin wallet. Although, even if you follow their instructions and make the payment you are not guaranteed to receive the decryption key required to retrieve your files.
You might be thinking why can’t these hackers be tracked down? Bitcoin operates independently of a central bank, making it difficult to track and attractive for hackers to use for receiving these ransom payments.
There are thousands of different types of Ransomware that all differ in their behavior, instructions and devious ways in which they try to get you to pay. In the case of WannaCry, it will start to raise the ransom amount after a set time and ultimately delete all your files if you do not comply with the demands.
Read our article titled Types of Ransomware to learn about the most common types of ransomware.
Ransomware can infect your computer in multiple ways. The most common way is through a phishing email where a user is tricked into clicking a malicious link that downloads the ransomware directly onto the computer. These emails often appear legitimate, but actually contain ransomware code waiting to take over your computer.
You can also get ransomware through known software vulnerabilities, or drive-by downloads on compromised websites. Read our article titled How Does Ransomware Spread to learn more about the different ways you can get infected by ransomware.
The best ways to prevent ransomware are to maintain good security practices, back up files, and use anti-ransomware software.
Read our article titled How to Prevent Ransomware to learn more about protecting yourself against Ransomware attacks.