Ransomware

What is ransomware?

There are two types of ransomware: crypto-ransomware, which encrypts files (rendering them unreadable), and screen-locking ransomware, which locks the home screen. In both cases, the authors of the malicious software demand a ransom from their victims to restore access to the files or device.

How ransomware spreads

Ransomware is frequently spread via email: a cybercriminal sends an email with an attachment. The unsuspecting user opens the document (or JavaScript file), which looks like gibberish. The document recommends enabling macros “if the data encoding is incorrect,” which, of course, it is by design. Enabling macros allows the ransomware to be secretly downloaded onto the computer via a drive-by download.
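As an added example (not part of the original page), the following Python sketch shows how a mail filter could flag the two attachment types described above: script files and Office documents that carry macros. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed list of script extensions; extend it to match local mail policy.
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf")

def classify_attachment(filename, payload):
    """Return a reason string if the attachment matches the pattern, else None."""
    name = (filename or "").lower()
    if name.endswith(SCRIPT_EXTS):
        return "script file"
    if payload.startswith(b"PK"):  # modern Office documents are ZIP archives
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                # Macro-enabled documents store their VBA code in vbaProject.bin
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    return "Office document with VBA macros"
        except zipfile.BadZipFile:
            return "malformed archive"
    return None

def scan_message(raw):
    """Parse a raw RFC 5322 message and list (filename, reason) per flagged attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        reason = classify_attachment(part.get_filename(), part.get_payload(decode=True) or b"")
        if reason:
            findings.append((part.get_filename(), reason))
    return findings

def make_docx(with_macro):  # constructed minimal Office-style ZIP container
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

def build_sample():
    """Constructed test message: one macro document, one clean document, one script."""
    msg = EmailMessage()
    msg.set_content("See attached.")
    att = dict(maintype="application", subtype="octet-stream")
    msg.add_attachment(make_docx(True), filename="invoice.docm", **att)
    msg.add_attachment(make_docx(False), filename="notes.docx", **att)
    msg.add_attachment(b"// constructed", filename="scan.js", **att)
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` flags the macro document and the script and leaves the macro-free document alone.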

What it is after

Crypto-ransomware then proceeds to encrypt all files it finds (images, videos, office files…). It even scrambles data on removable drives plugged in at the time. Once all files are encrypted, the ransomware asks for payment in exchange for unscrambling them. Payment is frequently demanded in bitcoin and can cost up to several thousand dollars. In the case of screen-locking ransomware, the malware locks the home screen – preventing users from accessing their devices – and similarly demands payment for regaining access.

Known cases

CryptoLocker, FBI Ransomware, and Locky are three cases of widespread ransomware that have infected millions of victims.

How to protect yourself from ransomware

We recommend you back up your data on a regular basis, so that if your data is ever encrypted, you still have access to it and can wipe your hard drive if need be. To detect and block ransomware, use security software such as Avira Free Antivirus.
