Ransomware

Copy current article URL Share via email

This article (PDF) Whole documentation (PDF)

Ransomware, also known as filecoder, is a type of malicious software that encrypts files or locks devices, demanding a ransom—typically in cryptocurrency—for restoration of access. Modern ransomware has evolved significantly, often combining multiple extortion techniques and targeting high-value systems.

How It Works

•Infiltration: Delivered via phishing emails, malicious attachments, compromised websites, or software vulnerabilities.

•Encryption: A symmetric key is used to encrypt files, which are then encrypted with an embedded public key.

•Extortion: Victims are shown a ransom note demanding payment in exchange for the decryption key.

•Exfiltration (modern addition): Many variants now steal data before encryption, threatening to leak it if the ransom is not paid (double extortion).

•Disruption (modern addition): Some ransomware turns off backups and recovery tools to increase pressure on victims.

Modern Tactics

•Double/Triple Extortion: Encrypt, steal, and threaten public leaks or DDoS attacks.

•Ransomware-as-a-Service (RaaS): Affiliate-based models allow less-skilled actors to launch attacks using rented ransomware kits.

•AI-Enhanced Attacks: AI is used to craft convincing phishing lures and evade detection.

•Targeted Attacks: Focus on critical infrastructure, healthcare, education, and supply chains.

•Data Theft Without Encryption: Some groups skip encryption entirely, relying solely on blackmail.

Payment and Obfuscation

•Payments are typically demanded in cryptocurrencies like Bitcoin or Monero.

•Attackers use mixing services and privacy coins to obscure transaction trails.

Prevention and Protection

•ESET Ransomware Shield: Detects and blocks suspicious behavior in real time.

•Ransomware Remediation: Automatically backs up and restores files if ransomware is detected.

•LiveGrid® and LiveGuard: Cloud-based reputation and sandboxing systems to detect zero-day threats.

Paying the ransom does not guarantee data recovery.

Victims are encouraged to report incidents to local authorities and cybersecurity agencies.

More information about ransomware protection

ESET products use multiple layered technologies that protect devices from ransomware. See the ESET Knowledgebase article for the best practices to protect your system.

For more information regarding ransomware, visit welivesecurity.com

˄˅