Ransomware explained: How it works and how to remove it

What is ransomware?

Ransom malware, or ransomware, is a type of malware that prevents users from accessing their system or personal files and demands ransom payment in order to regain access. The earliest variants of ransomware were developed in the late 1980s, and payment was to be sent via snail mail. Today, ransomware authors order that payment be sent via cryptocurrency or credit card.

Types of ransomware

There are three main types of ransomware, ranging in severity from mildly off-putting to Cuban Missile Crisis dangerous. They are as follows:

• Scareware
• Screen lockers
• Encrypting ransomware

Ransomware definition

Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim to restore access to the data upon payment. 

Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cyber criminals in Bitcoin.

How ransomware works

There are a number of vectors ransomware can take to access a computer. One of the most common delivery systems is phishing spam — attachments that come to the victim in an email, masquerading as a file they should trust. Once they're downloaded and opened, they can take over the victim's computer, especially if they have built-in social engineering tools that trick users into allowing administrative access. Some other, more aggressive forms of ransomware, like Not Petya, exploit security holes to infect computers without needing to trick users.

How to prevent ransomware

There are a number of defensive steps you can take to prevent ransomware infection. These steps are a of course good security practices in general, so following them improves your defenses from all sorts of attacks:

Keep your operating system patched and up-to-date to ensure you have fewer vulnerabilities to exploit.

Don't install software or give it administrative privileges unless you know exactly what it is and what it does.

Install antivirus software, which detects malicious programs like ransomware as they arrive, and whitelisting software, which prevents unauthorized applications from executing in the first place.

And, of course, back up your files, frequently and automatically! That won't stop a malware attack, but it can make the damage caused by one much less significant.