
What is Ransomware?

  • Writer: Rolando Ramos
  • 2 min read


Threat Type: Ransomware


Category: Malware-Based Threat


Cyber Threat Indicators


Ransomware is a type of malicious software (malware) that prevents you from accessing your computer files, systems, or networks, and then demands a ransom (money).


Core Characteristics


Data Restriction: The primary goal is to block access to your data or entire system. This is typically done through file encryption or by completely locking the screen of the device.


Extortion & Ransom Demand: A message is displayed that demands a payment (the ransom) in exchange for the decryption key or an unlock code. The demand often includes a deadline and a threat to increase the ransom or destroy the data if not met.


Anonymity: Attackers almost always demand payment in cryptocurrency (like Bitcoin or Monero) and provide instructions via anonymous channels (like a Tor-based website) to obscure their identity and location.


Double Extortion: Modern attacks frequently steal (exfiltrate) sensitive data before encrypting it. They then threaten to publish the stolen data online if the ransom is not paid, adding reputational damage and regulatory fines to the financial and operational losses.


Targeting Backups: Sophisticated ransomware variants often attempt to find and encrypt or delete any available backups (especially network-connected ones) to make data recovery impossible without paying.


Common Tactics


Phishing Emails: This is the most common delivery method. Attackers send emails with malicious attachments (like an infected Word or Excel file) or links that, when clicked, download and execute the ransomware on the victim's system.


Exploiting Vulnerabilities: Attackers scan for and exploit unpatched security flaws in operating systems, software, or network services (like an exposed Remote Desktop Protocol, or RDP) to gain initial access before deploying the malware.


Malvertising: Malicious advertisements on legitimate websites can redirect users to infected sites that automatically download and install the ransomware without the user having to click anything (a drive-by download).


Ransomware-as-a-Service (RaaS): This business model allows low-skilled criminals ("affiliates") to lease professionally developed ransomware from the creators, making attacks more accessible and widespread.


Common Examples


WannaCry (2017): A famous example that spread rapidly worldwide by exploiting a vulnerability in outdated Microsoft Windows systems.


LockBit: One of the most prolific RaaS groups, known for its speed of encryption and targeting large corporations for massive ransom payments.


REvil/Sodinokibi: Another major RaaS operation that gained notoriety for targeting managed service providers (MSPs) and using double-extortion tactics.


NotPetya (2017): Initially appeared as ransomware but was largely considered a wiper (destroying data permanently) because the encryption was designed to be virtually irreversible, even with the key.


---


VIIEGO: the human security agency. Research and consulting in identity manipulation and fraud prevention, to decode human behavior and secure your identity.


www.viiego.com | Protect What's Yours.
