What Is Ransomware?

Ransomware is a type of malware that restricts access to the infected computer system in some way, and demands that the user pay a ransom to the malware operators to remove the restriction. Ransomware typically propagates as a trojan, entering a system through, for example, a downloaded file or a vulnerability in a network service. The program then runs a payload, which typically takes the form of a scareware program. Payloads may display a fake warning purportedly by an entity such as a law enforcement agency, falsely claiming that the system has been used for illegal activities, contains illegal content such as pornography and pirated software or media, or runs a non-genuine version of Microsoft Windows. Some payloads consist simply of an application designed to lock or restrict the system until payment is made, typically by setting the Windows Shell to itself, or even modifying the master boot record and/or partition table to prevent the operating system from booting until it is repaired. The most sophisticated payloads encrypt files, with many using strong encryption to encrypt the victim's files in such a way that only the malware author has the needed decryption key. Payment is virtually always the goal, and the victim is coerced into paying for the ransomware to be removed - which may or may not actually occur - either by supplying a program that can decrypt the files, or by sending an unlock code that undoes the payload's changes. A key element in making ransomware work for the attacker is a convenient untraceable payment system. A range of such payment methods have been used, including: wire transfer, premium-rate text messages, online payment voucher service such as Ukash or Paysafecard, and the digital currency Bitcoin. Read more here.