Ransomware is a type of malware that threatens to publish or permanently block access to a victims personal data unless a ransom is paid. Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. The malware then runs a payload, which locks the system in some fashion, or claims to lock the system but does not (e.g., a scareware program) . The two most prevalent types of ransomware are "encryptors" and "screen lockers". Encryptors encrypt data on a system, making the content useless without the decryption key, while screen lockers simply block access to the system with a "lock" screen.
Ransomware has become the most prominent and visible type of malware, with recent attacks impacting hospitals, public services, and various organizations. The modern ransomware craze began with the WannaCry outbreak of 2017, which demonstrated that ransomware attacks were possible and potentially profitable. Since then, dozens of ransomware variants have been developed and used in a variety of attacks.
To be successful, ransomware needs to gain access to a target system, encrypt the files there, and demand a ransom from the victim. Victims of ransomware should report to federal law enforcement and can request technical assistance or provide information to help others by contacting relevant organizations. To prevent ransomware attacks, it is recommended to limit the attack surface, maintain offline, encrypted backups of data, regularly patch and update software and operating systems, and report any incidents.