Shield your data from ransomware that encrypts files and demands payment for their release, ensuring your digital safety.

Back to glossary

Ransomware is a type of malicious software, or malware, that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. It's a prevalent and serious threat in the realm of cybersecurity, with far-reaching implications for individuals, businesses, and even governments. This glossary entry will delve into the intricacies of ransomware, its types, how it works, its history, prevention methods, and more.

Understanding ransomware is crucial in today's digital age. With an increasing amount of sensitive information being stored online, the potential damage that can be caused by ransomware is immense. This glossary entry aims to provide a comprehensive understanding of ransomware, equipping readers with the knowledge to protect themselves and their data.

What is ransomware?

Ransomware is a form of malware that encrypts a victim's files. The attacker then demands a ransom from the victim to restore access to the data upon payment. Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin.

It's important to note that paying the ransom does not guarantee that the users can eventually access the locked data. In many cases, users may not even get the decryption key after paying the ransom. Furthermore, by paying the ransom, the victims are encouraging the cybercriminals' malicious activities.

Types of ransomware

There are three main types of ransomware, varying in severity: scareware, screen lockers, and encrypting ransomware. Scareware involves a strategy of intimidation, with victims receiving pop-up messages claiming that malware has been discovered on their computer, and they need to pay to remove it. However, there's usually no real threat.

Screen lockers, as the name suggests, lock the user out of their computer interface, displaying an official-looking page that claims illegal activity has been detected on the computer and payment is required to unlock it. Encrypting ransomware, the most dangerous type, involves sophisticated software that encrypts the victim's files, demanding payment in return for the key to unlock the data.

How Does ransomware work?

Ransomware can infect a computer in several ways, but one of the most common methods is through phishing spam. This involves attachments that come to the victim in an email, masquerading as a file they should trust. Once they're downloaded and opened, they can take over the victim's computer, especially if they have built-in social engineering tools that trick users into allowing administrative access.

Another popular method is through exploit kits. These are tools used by cybercriminals to take advantage of software vulnerabilities. They scan for security holes in popular software such as Java, Adobe Reader, and Flash, and then use these holes to download and launch the ransomware.

The encryption process

Once the ransomware has been executed on a system, it starts encrypting files. It uses an encryption algorithm to scramble the data in the files, making them unreadable. The files can only be decrypted using a unique key, which is held by the attacker. The victim is then presented with a ransom note, explaining that their files have been encrypted and how much they need to pay to get them back.

The encryption process is usually very quick, often taking only a few minutes to encrypt all the files on the system. This is because the ransomware typically targets the most common types of files, such as documents, spreadsheets, and multimedia files, which are likely to hold valuable information.

History of ransomware

Ransomware has been around in some form or another for over 30 years. The first known ransomware attack occurred in 1989 and was called the AIDS Trojan. The malware was spread through floppy disks that were mailed to AIDS research organizations and encrypted files after the system had been rebooted a certain number of times. However, this early form of ransomware was relatively easy to overcome.

It wasn't until the mid-2000s, with the rise of anonymous payment systems like Bitcoin and improved encryption algorithms, that ransomware really started to become a major problem. The first modern ransomware, CryptoLocker, appeared in 2013 and was a game-changer. It used strong, unbreakable encryption and demanded payment in Bitcoin, making it almost impossible to recover the files without paying the ransom.

Notable ransomware attacks

There have been several notable ransomware attacks over the years. The WannaCry ransomware attack in 2017 was one of the most widespread, affecting hundreds of thousands of computers in over 150 countries. The ransomware exploited a vulnerability in Microsoft's Windows operating system, encrypting files and demanding a ransom in Bitcoin.

The NotPetya ransomware attack, also in 2017, initially targeted Ukraine but quickly spread worldwide. Unlike other ransomware attacks, NotPetya was designed to cause disruption rather than to extort money, as it encrypted files without any way of recovering them, even if the ransom was paid.

Preventing ransomware

Preventing ransomware involves a combination of good cybersecurity practices and the right technology. One of the most effective ways to prevent ransomware is to regularly back up your data. This means that even if your files are encrypted by ransomware, you can restore them from a backup without having to pay the ransom.

Another crucial prevention method is to keep your software and operating system up to date. Many ransomware attacks exploit vulnerabilities in outdated software, so by keeping your software updated, you can reduce the risk of an attack. It's also important to be wary of unsolicited emails with attachments or links, as these can often be phishing attempts.

Security software

Having the right security software can also help to prevent ransomware attacks. This includes antivirus software, which can detect and remove malware, and a firewall, which can block unauthorized access to your computer. There are also specific anti-ransomware tools available that can detect and block ransomware before it can encrypt your files.

However, it's important to remember that no security software can provide 100% protection against ransomware. Cybercriminals are constantly developing new types of ransomware and finding new ways to bypass security measures. Therefore, a combination of good cybersecurity practices and the right technology is the best defense against ransomware.

Responding to a ransomware attack

If you become a victim of a ransomware attack, the first thing to do is to disconnect the infected device from the network to prevent the ransomware from spreading to other devices. Then, report the incident to your local law enforcement agency and notify your cybersecurity provider if you have one.

It's generally advised not to pay the ransom, as this doesn't guarantee that you'll get your files back and it encourages the cybercriminals. Instead, if you have a recent backup of your files, you can restore them once the ransomware has been removed from your system. If you don't have a backup, there are some tools available that can decrypt certain types of ransomware, although these are not always successful.

Removing ransomware

Removing ransomware from your system can be a complex process, and it's usually best to seek professional help. Some antivirus software can remove ransomware, but this often requires a certain level of technical knowledge. In some cases, it may be necessary to wipe your system and reinstall your operating system.

It's important to remember that removing the ransomware doesn't decrypt your files. The encryption used by ransomware is usually very strong and can't be broken without the decryption key. Therefore, the best defense against ransomware is prevention, through good cybersecurity practices and regular backups of your data.


Ransomware is a serious threat in the digital world, with the potential to cause significant damage to individuals and organizations. Understanding what ransomware is, how it works, and how to prevent and respond to attacks is crucial in protecting your data and maintaining your digital security.

The key to defending against ransomware is a combination of good cybersecurity practices, such as regular backups and software updates, and the right technology, including antivirus software and firewalls. However, as cybercriminals continue to evolve their tactics, it's important to stay informed about the latest threats and how to combat them.

This post has been updated on 17-11-2023 by Sofie Meyer.

Author Sofie Meyer

About the author

Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master´s degree in Danish and a great interest in cybercrime, which resulted in a master thesis project on phishing.

Similar definitions

QuillBot Transient Shaking my head (SMH) Characterization Queue Demarcation point Concatenation Visitor location register (VLR) Markov decision process (MDP) Spam Passive optical network (PON) Catfishing Digital rights management (DRM) TL;DR Domain name system (DNS)