What is ransomware?

Updated at: Oct 01, 2019
By Gatefy

What is ransomware

Ransomware is a malware that, after being installed, encrypts the files on your machine or blocks your system. Then, just as in a hijack, a ransom is required, hence the name ransomware, so that the files are returned or the system released. In general, the payment is requested in cryptocurrency, such as bitcoin and monero, so that it’s impossible to be tracked, securing the hacker identify.

How ransomware infects devices

The most common form of ransomware infection is via email. It usually happens when the user downloads a malicious file that is malware-infected. Another common possibility is when the user clicks on a malicious link within an email and then is redirected to a website. There he is induced to download a ransomware without knowing it.

In addition to email, ransomware infection can happen through advertising that appears on social networks and on legitimate websites. And also when the user accesses suspicious websites to download software and update packages.

The important thing to keep in mind is that ransomware may be hidden in unlikely places and seemingly innocent icons.

How ransomware works

Ransomware operates so that, by infecting the device, it encrypts user files and apps or forbids access to the entire machine's operating system. When the encryption process ends, a screen appears saying the device has been infected and that a ransom needs to be paid or the files will be deleted within hours.

Because it's an advanced threat, ransomware is difficult to detect. Depending on the case, it can even fool security software. And the worst news is that we are all potential victims, as ransomware can hit Windows, Mac, Linux, iOS and Android.

What are the types of ransomware

There are two types of ransomware, or two categories:

Cryptor. Cryptor ransomware encrypts only some files and apps. That is, it still allows you to access your machine partially.

Blocker or Locker. Locker ransomware, as the name suggests, is a more extreme type of ransomware, blocking your entire operating system.

How to protect from ransomware

Protection against ransomware don't differ much from protection against most malware. It's recommended to always keep the operating system up-to-date, be careful with the content of incoming emails, such as suspicious attachments and links, not browse suspicious websites, and have a recent backup in hand.

Some protection software and tools are very helpful in detecting ransomware, but they may not be enough. In the case of companies, for example, it's recommended to use engines like sandbox and CDR (Content Disarm and Reconstruction) for safer protection.