The ABCs of Cybersecurity: R is for Ransomware

Smartphones and computers are becoming increasingly important in our lives, changing how we chat, talk, work, study, read, shop and move around. What happens when we can’t use our devices or access all the data that supports a modern life? How much would we pay to get it all back?

Cyber-criminals, armed with ransomware, are finding the answers to exactly these questions.

What exactly is ransomware?

In broad terms, ransomware is a category of malicious software designed to block access to a computer system until a sum of money is paid.

Three different types of ransomware are out there so far. The “mildest” of all ransomware are screen-lockers: they only prevent the user from accessing their device by blocking access to the desktop or home screen (in the case of smartphones). While annoying, screen lockers can be bypassed without paying the attacker, provided you have enough technical experience to get your hands dirty.

Because of this, non-encrypting ransomware proved ineffective at making money and was overshadowed by crypto-ransomware. Crypto-ransomware is extremely effective as it encrypts specific locally stored information – and sometimes cloud backups, too – and offers to decrypt it in exchange for a fee ranging from $300 to $900. Because crypto-ransomware uses the same technology that protects our conversations, banking transactions and military communication, encrypted files can’t be retrieved without paying the ransom. Crypto-ransomware families are responsible for extorting more than one billion dollars a year from victims.

This year we saw the emergence of a third category of ransomware, namely disk encryptors such as Petya. Unlike file encryptors, disk encryptors hold the entire disk drive to ransom and prevent the user from booting their operating system.

How does ransomware spread?

Most of the time, ransomware spreads by posing as invoices, delivery notes, attached CVs or other enticing content attached to carefully crafted spam e-mails. If the user opens the message and clicks the attachment, the encryption process starts. When all the information is encrypted, the user sees a warning message directly on the desktop, along with instructions on how to pay the ransom and get the decryption key.

Other times, ransomware operators buy advertising on high-traffic websites. These adverts are not your regular banners, but rather crafted ads that exploit vulnerabilities in browsers and browser plugins. When the browser (or the respective plugin) crashes, it automatically installs the ransomware component. This approach allows the ransomware operators to infect victims even if they are following best practices in handling junk email.

Last but not least, ransomware operators sneak their creations into illegal, pirated content that is available for download on torrent or “warez” websites.

How do I stay safe? What do I need to do?

Ransomware is a complex threat that relies on multiple attack vectors to infect users. Defeating ransomware attacks is difficult, but not impossible. Authorities have joined forces internationally to come up with the best strategies to prevent these scams but, in the meantime, here are a couple of tips to make sure you don’t lose your data – or your money.

Run a security solution that can detect emerging ransomware. Keep your security solution up to date and active at all times. If you don’t have a security solution in place, try Bitdefender’s award-winning Internet Security or Total Security products.

Take regular backups of your important files and store these backups on storage devices that are not permanently connected to your computer. If you fall victim to ransomware, you should restore your files from backup rather than pay for the decryption key. This way, you render the ransomware business unprofitable and – just like any unprofitable business – it will fade out by itself. Just by staying safe and not paying the money you can do your part to take ransomware down.

If you would like to learn more about ransomware, its history, how it works and how it brings fortunes to cyber-crooks, you might want to check this article out.

  • So, it's not clear: does Bitdefender do all this, or do you have to upgrade to the Internet Security package? If it's an upgrade, why don't you say so, and provide a link to make it easier?

    • I don't think I completely understood your question. The Bitdefender consumer products come in three packages: Antivirus Plus, Internet Security and Total Security. All three solutions offer the same level of protection against ransomware so you don't need to upgrade to anything. This is not an up-sell message, it's a piece of informative content to get our users acquainted with modern threats and their modus operandi.

    • I believe your clients are saying that they have the free USSD wipe program and want to know if they need more to be safe.