Ransomware, or ransom malware, is a type of malware that implements denial-of-access attacks. What makes ransomware unique is that it locks victims' computers or systematically encrypts files on the victims' hard disks until a ransom is paid.
Ransomware requires the victims to pay a ransom in return for regaining control of their computers or for receiving the keys required to decrypt the files. Ransomware is often spread through Trojan horses. Disguised as a legitimate file, it usually uses phishing emails or other social engineering methods to deceive victims into clicking download links. Like many worms, ransomware may also spread among computers on the Internet by exploiting software vulnerabilities.
Types of Ransomware
Based on how it takes control of victims' systems, ransomware can be classified into the following types:
1. Kidnapping user data
User files or data are encrypted using an encryption algorithm (such as AES or RSA). Users can still access their devices, but they cannot open or use the encrypted files without the corresponding keys.
Typical ransomware includes WannaCry, GlobeImposter, CryptoLocker, and TeslaCrypt.
2. Locking user devices
User files are not encrypted, but users are denied access to their devices because some configurations or system files have been modified.
Typical ransomware includes NotPetya.
3. Locking user devices and kidnapping data
User files are encrypted, and user devices are locked. This type of ransomware is a combination of types 1 and 2.
Typical ransomware includes BadRabbit.
Ransomware Intrusion Methods
Figure 1-2 shows the common intrusion methods of ransomware.
For more information, see Ransomware
