Ransomware is a type of malware that threatens to publish or permanently block access to a victim's personal data unless a ransom is paid. Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. Once the program runs its payload, it locks the system in some fashion, or claims to lock the system but does not (e.g., a scareware program). The implementation details of ransomware vary from one variant to another, but all share the same goal of extorting money from victims by blocking or preventing access to data on their systems.
There are two main types of ransomware: encryptors and screen lockers. Encryptors encrypt data on a system, making the content useless without the decryption key, while screen lockers simply block access to the system with a "lock" screen, asserting that the system is encrypted.
Ransomware has quickly become the most prominent and visible type of malware, and recent ransomware attacks have impacted hospitals, public services, and various organizations. The modern ransomware craze began with the WannaCry outbreak of 2017, which demonstrated that ransomware attacks were possible and potentially profitable. Since then, dozens of ransomware variants have been developed and used in a variety of attacks.
To defend against ransomware attacks, it is recommended to limit the attack surface; maintain offline, encrypted backups of data; regularly patch and update software and operating systems; report incidents to federal law enforcement; and contact the relevant authorities to request technical assistance or to provide information that helps others.