Programs that take control of a user’s device or data, then demand payment to restore normal access to the ransomed content or system.
Ransomware is a form of crimeware – malicious programs that are used, either by an individual or by organized criminal groups, to extort money from an affected user.
There are two main types of ransomware: cryptoransomware, and police-themed. The types differ mainly in the kind of fear they use to motivate the user into paying the ransom: police-themed ransomware tries to scare the user into believing they need to pay a ‘fine’ for committing a crime of some sort, while crypto-ransomware exploits the user’s fear of never recovering their content or device.
There are many different ransomware families, or sets of individual programs (variants) that are similar enough to be grouped together. Each family has unique characteristics, such as how they infect the device, what kind of files they target, how they demand payment and so on. Knowing which specific family is involved in an incident can be critical in figuring out what should be done next in order to contain any damage and remove the threat from an affected device.