Ransomware

What is ransomware?

Ransomware is a cyber-extortion tactic that uses malicious software to hold a user’s computer system hostage until a ransom is paid. Ransomware attackers often demand ransom in cryptocurrency such as Bitcoin due to its perceived anonymity and ease of online payment.


This specific kind of malicious software is used for extortion. When a device is successfully attacked, the malware blocks the screen or encrypts data stored on the disk, and a ransom demand with payment details is displayed to the victim.

KEY TAKEAWAYS

  • Ransomware is a form of malware that encrypts a user’s computer files for a period of time, rendering them inaccessible, until a ransom is paid to the attacker.
  • The ransom is often demanded in a cryptocurrency such as Bitcoin, which facilitates online and anonymous payment.
  • If the ransom is not paid in a timely manner, the amount demanded may increase until ultimately the user’s data is destroyed entirely.
  • Ransomware attacks have been identified around the world, costing billions of dollars in ransoms paid each year.

How to recognize ransomware?

If you have been attacked, ransomware will in most cases inform you by displaying a ransom message on your screen, or by adding a text file (message) to the affected folders. Many ransomware families also change the file extension of the encrypted files.
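
One way to check a folder tree for the two signs described above (the same message file dropped into many folders, and a new extension appended to ordinary files), as an added example that is not part of the original article. The list of ordinary file types, the thresholds, and the sample names `restore_files.txt` and `.locked` are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict
from pathlib import Path

# Assumed list of ordinary file types; extend for your environment.
KNOWN = {".txt", ".docx", ".xlsx", ".pdf", ".jpg", ".png", ".csv"}
NOTE_TYPES = {".txt", ".html"}  # assumed formats for a dropped message


def scan_tree(root, min_dirs=3, min_files=3):
    """Return (repeated_note_names, appended_extensions) found under root."""
    note_dirs = defaultdict(set)  # file name -> folders that contain it
    ext_hits = defaultdict(set)   # trailing suffix -> files carrying it
    for folder, _dirs, files in os.walk(root):
        for name in files:
            suffixes = [s.lower() for s in Path(name).suffixes]
            if not suffixes:
                continue
            last = suffixes[-1]
            if last in NOTE_TYPES:
                note_dirs[name.lower()].add(folder)
            # e.g. report.docx.<new>: a known type followed by an unknown one
            if len(suffixes) >= 2 and last not in KNOWN and suffixes[-2] in KNOWN:
                ext_hits[last].add(os.path.join(folder, name))
    notes = sorted(n for n, d in note_dirs.items() if len(d) >= min_dirs)
    exts = sorted(e for e, f in ext_hits.items() if len(f) >= min_files)
    return notes, exts


def build_sample(root):
    """Constructed sample tree: three affected folders and one clean one."""
    for sub, doc in (("hr", "staff.xlsx"), ("sales", "q1.pdf"), ("img", "logo.png")):
        os.makedirs(os.path.join(root, sub))
        Path(root, sub, doc + ".locked").write_bytes(b"\x00")  # constructed
        Path(root, sub, "restore_files.txt").write_text("constructed note")
    os.makedirs(os.path.join(root, "clean"))
    for name in ("readme.txt", "backup.tar.gz", "plan.v2.docx"):
        Path(root, "clean", name).write_text("ok")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_tree(tmp))
```

Both signals are heuristics: a file name such as `readme.txt` can legitimately repeat across folders, so a hit is strongest when a repeated message file and a shared appended extension appear together.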

How does ransomware work?

There are multiple techniques used by the ransomware operators:

  • Diskcoder ransomware encrypts the whole disk and prevents the user from accessing the operating system.
  • Screen locker blocks access to the device’s screen.
  • Crypto-ransomware encrypts data stored on the victim’s disk.
  • PIN locker targets Android devices and changes their access codes to lock out their users.

All the above-mentioned kinds of ransomware demand payment, most often requesting it to be made in bitcoin or some other hard-to-trace cryptocurrency. In return, its operators promise to decrypt the data or restore access to the affected device.

Ransomware attackers can infect many computers at once through the use of botnets. A botnet is a network of devices compromised by cybercriminals without the knowledge of the owners of the devices. The hackers infect the computers with malware that gives them control of the systems, and use these breached devices to send millions of compromised email attachments to other devices and systems. By kidnapping multiple systems and expecting the ransom to be paid, the perpetrators are banking on having a huge payday.

We need to stress that there is no guarantee that cybercriminals will deliver on their side of the bargain (and sometimes are unable to do so, either intentionally or because of incompetent coding). Therefore ESET recommends not paying the sum demanded – at least not before contacting ESET technical support to see what possibilities exist for decryption.

How to stay protected?

Basic rules you should follow to avoid your data being lost:

  • Back up your data on a regular basis – and keep at least one full backup off-line
  • Keep all your software – including operating systems – patched and up to date

However, a reliable, multi-layered security solution is the most efficient option to help users and organizations recognize, prevent and remove ransomware.

Advanced rules mainly for businesses

  • Reduce the attack surface by disabling or uninstalling any unnecessary services and software
  • Scan networks for risky accounts using weak passwords
  • Limit or ban use of Remote Desktop Protocol (RDP) from outside of the network, or enable Network Level Authentication
  • Use a Virtual Private Network (VPN)
  • Review firewall settings
  • Review policies for traffic between internal and outside network (internet)
  • Set up a password in the configuration of your security solution(s) to protect it/them from being turned off by the attacker
  • Secure your backups with two- or multifactor authentication
  • Regularly train your staff to recognize and deal with phishing attacks

Example of Ransomware

A company that has been held hostage by ransomware can have its proprietary information destroyed, operations disrupted, reputation harmed, and finances lost. In 2016, Hollywood Presbyterian Medical Center paid about $17,000 in Bitcoins to ransomware attackers who had taken the data of the hospital’s patients hostage. During the crisis, some patients had to be transferred to other hospitals for treatment and the medical records system was inaccessible for ten days, disrupting the daily operations of the hospital.

Article Source: eset.com, investopedia.com
