Introduction
Ransomware is a form of malware that restricts or prevents users from accessing their own systems, usually by automatically encrypting files. It requires users to provide payment through online methods before access to the systems is restored. The first observed instance of ransomware, which locked the screen and demanded payment, was found in 2009 in Russian-speaking countries. In the past few years, ransomware has posed a very real threat to the world. There is evidence of thousands of infections, ranging from typical home users to enterprise networks. Defense measures are rapidly being developed to detect and prevent ransomware, but it’s highly likely that ransomware will continue to evolve and present a danger for years to come.
There are two main types of ransomware: locker ransomware and crypto ransomware.
Locker ransomware prevents users from accessing the interface of their computer. It simply modifies the machine to make normal usage impossible. There are a number of ways locker ransomware can accomplish this, but in all of them the user is left with some limited ability to interact with the ransomware. This allows the user to provide payment for unlocking the machine.
Crypto ransomware prevents users from accessing the files on their computer. It accomplishes this by encrypting the files present on the machine, as well as any network-shared files the machine may have access to, without presenting the encryption key to the user. The ransomware then demands a payment from the user in exchange for the decryption key, which would be used to decrypt the files and allow the user to access them again.