Ransomware is a cryptovirology term for malware that threatens to reveal the victim’s personal information or keep access to it closed unless a ransom is paid. Being hit by ransomware can be a traumatizing experience, especially if the malware is advanced and aggressive enough to encrypt all your personal files and system’s master key.

The problem with ransomware is that it may automatically execute as soon as you go online (for example, if your computer is part of a botnet controlled by cybercriminals), or even when you simply open your browser. Once launched, ransomware tries to connect to its Command & Control server and download a unique decryption only for the victim it infected. If successful, the malware informs its creator about the payment status; otherwise, it keeps your files hostage until you pay up or get lucky and finally regains access to your data.

If you ever wondered how ransomware can encrypt all of your personal data (documents, pictures, videos), we’ll try to clarify things here: first, ransomware modifies a system’s registries in order to run on every startup; second, it creates a unique AES key and stores this key into an encrypted file that is saved in each folder containing your private information (for example DOCX files); third, it assigns an instruction to these encrypted files, so they won’t be opened unless decrypted with the unique AES key. Once this is done, everything you have stored on your computer or laptop can be read-only with the help of this unique AES key.

Ransomware spreads around by being attached to fake PDFs, ZIPs, RARs uploading itself onto unprotected devices, torrented files, and so on. After infecting a device, ransomware usually “locks” it’s displaying a message that demands money for decrypting personal data – hence why it’s called “ransom”. To restore access to your locked computer system, you should remove the offending application without paying any money because there are no guarantees that criminals will actually delete your files.

How To Protect From Ransomware?

In order to prevent being infected, you need to use powerful anti-ransomware software. In addition, make sure your computer’s protected with all available security patches, don’t open suspicious email attachments and files downloaded from the web and keep a backup of your important data stored in some safe place – even on an unconnected device such as an external hard drive. One more thing: encrypting files using AES is not enough protection against ransomware because nowadays, the malware uses special algorithms that can block access to encrypted files and stop Bitdefender from trying the recovery key attack. So if you want truly reliable protection against ransomware attacks, you should use several security layers at once.

How Does Ransomware Work?

Ransomware is designed to achieve persistence on an infected computer, which means that if it infects your PC or mobile device, chances are that you will not be able to remove it without professional support. It exists in two very distinct forms: as a ransomware-as-a-service, which is a type of malware that is often available for purchase on the dark web; and as traditional ransomware, which is developed by groups of hackers looking to make a profit.