Ransomware

Ransomware (also known as filecoder) is a type of malware that locks your device or encrypts the content on your device and extorts money from you to restore access to your content. This kind of malware can also have a built-in timer with a pre-programmed payment deadline that must be met. If the deadline is not met, the price increases, or the device ultimately becomes inaccessible.

When the device is infected, the filecoder may attempt to encrypt the shared drives that the device can access. This can make it seem as though the malware is spreading over the network, but it is not: the files on a file server's shared drive are encrypted from the infected device, while the server itself does not contain a malware infection (unless it is a terminal server).
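To show how this looks from the file server's side, the following added example (not ESET code) groups file modifications by the remote host that made them, so the infected client stands out while the server only stores the files. The record format, addresses, function names and the `min_files` threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample (not real log output): simplified file-server audit
# records, one per line, as "time source_host operation share path".
SAMPLE_AUDIT = """\
10:00:01 10.0.0.21 WRITE Finance q1/report.xlsx
10:00:01 10.0.0.21 RENAME Finance q1/report.xlsx
10:00:02 10.0.0.21 WRITE Finance q1/budget plan.docx
10:00:02 10.0.0.35 READ Finance q1/summary.pdf
10:00:03 10.0.0.21 WRITE HR staff/contracts.pdf
10:00:03 10.0.0.21 WRITE HR staff/payroll.xlsx
10:00:04 10.0.0.35 WRITE Finance notes/todo.txt
10:00:04 10.0.0.21 WRITE HR staff/reviews.docx
"""

MODIFYING_OPS = {"WRITE", "RENAME", "DELETE"}


def parse_audit(text):
    """Yield (source, operation, share, path); the path may contain spaces."""
    for line in text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) == 5:  # skip blank or malformed lines
            _time, source, operation, share, path = parts
            yield source, operation, share, path


def files_modified_by_source(text):
    """Map each remote source to the set of distinct (share, path) it changed."""
    modified = defaultdict(set)
    for source, operation, share, path in parse_audit(text):
        if operation in MODIFYING_OPS:
            modified[source].add((share, path))
    return dict(modified)


def likely_origin(text, min_files=4):
    """Return sources that changed at least min_files distinct files, busiest first."""
    counts = {s: len(f) for s, f in files_modified_by_source(text).items()}
    hits = [s for s, n in counts.items() if n >= min_files]
    return sorted(hits, key=lambda s: counts[s], reverse=True)


if __name__ == "__main__":
    for source in likely_origin(SAMPLE_AUDIT):
        shares = {share for share, _ in files_modified_by_source(SAMPLE_AUDIT)[source]}
        print(f"{source} modified files on shares: {sorted(shares)}")
```

A single client address responsible for modifications across several shares is the device to isolate and scan; the file server needs its data restored, not disinfected.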

Ransomware authors generate a pair of keys, public and private, and insert the public one into the malware. The ransomware itself may be a part of a Trojan or appear to be a file or a picture that you could receive in an email, on social networks, or in instant messengers. After infiltrating your computer, the malware generates a random symmetric key and encrypts the data on the device. It then uses the public key embedded in the malware to encrypt the symmetric key.

The ransomware then demands a payment to decrypt the data. The payment demand message displayed on the device may be a false warning that your system has been used for illegal activities or contains illegal content. The victim is asked to pay the ransom using one of a range of payment methods, usually ones that are difficult to trace, such as digital (crypto) currencies, premium-rate SMS messages, or pre-paid vouchers. After receiving the payment, the ransomware author should unlock the device or use their private key to decrypt the symmetric key and decrypt the victim's data; however, this operation is not guaranteed.

Note: More information about ransomware protection

ESET products use multiple layered technologies that protect devices from ransomware. See our ESET Knowledgebase article for the best practices to protect your system against ransomware.