Ransomware is a malicious program (malware) that attempts to infect a device and hold it hostage using encryption or other means until the victim pays a ransom in exchange for access to the files or the device. Ransomware authors might request payment for the ransom by credit card, PayPal or My Cash card. However, they are increasingly using cryptocurrency because of its anonymity.
The goal can vary from stealing data to simply causing harm by disrupting operations or destroying infrastructure; however, the most common motivation is financial gain. Because of this, ransomware is usually conspicuous. When it infects a computer, it will display a dialog box telling the user that their files are encrypted and demanding some form of payment to get the files or device back. Ransomware can also use a device’s speaker to talk to the victim and scare them into making the payment.
There are many variations of ransomware, but they are classified into three distinct categories. The first type is called file lockers. File lockers are by far the most common form and will encrypt, lock or corrupt files on the victim’s computer. Typically, they will search the hard drive for specific types of files to encrypt.
The second type of ransomware is disk lockers. Disk lockers will deny access to the disk by overwriting the master boot record (MBR), encrypting the disk or wiping the disk. Most disk lockers are capable of ransoming both older hard disk drives and newer solid-state drives (SSDs).
The third type of ransomware is screen lockers. Screen lockers attempt to lock the device or screen to prevent users from accessing their applications, files and data. They typically lock the screen by using a full-screen window that remains the topmost window, preventing the user from accessing other windows on the system until a ransom is paid.