

From Malware Wiki

Revision as of 13:14, 25 May 2021 by PhilTheWanderer (Text replacement - "will be unable" to "is unable")

Most of this page uses content from Wikipedia. The original article was at Ransomware (malware). The page may have contained some inaccurate or outdated information, so please rewrite some parts to avoid plagiarism.
The list of authors can be seen in the page history. As with Malware Wiki, the text of Wikipedia is available under the Creative Commons Attribution-ShareAlike 3.0 License.

Ransomware, sometimes known as a cryptovirus, crypto trojan, lock virus, encryptor virus, or crypto worm, is a type of malware that makes the data belonging to an individual on a computer inaccessible in some way and demands a ransom for its restoration, hence the name. The term ransomware is commonly used to describe such malicious software, although the field known as cryptovirology predates the term "ransomware".

This type of ransom attack can be accomplished by, for example, attaching a specially crafted file or program to an e-mail message and sending it to the victim. If the victim opens or executes the attachment, the program encrypts a number of files on the victim's computer. A ransom note is then left behind for the victim. The victim is unable to open the encrypted files without the correct decryption key. Once the ransom demanded in the ransom note is paid, the cracker may (or may not) send the decryption key, enabling decryption of the "kidnapped" files, which get stolen.

Some ransomware kills Skype, as Egglocker does. Some ransomware sometimes spreads through email, as WannaCry does.

The idea of maliciously encrypting plaintext is not new. The first example is probably the PC Cyborg trojan that was found in 1989. It encrypted only filenames (using a very weak symmetric cipher), causing the file system to be corrupted. There have been other malware attacks that have maliciously encrypted plaintext since then. The 1996 IEEE paper by Young and Yung reviews the malware that has done this and shows how public key cryptography may be used in such threats.

Ransomware is defined as malware that contains and uses the public key of its author. In cryptoviral extortion, the public key is used to hybrid encrypt the data of the victim, and only the private key (which is not in the malware) can be used to recover the data. This is one of a myriad of attacks in the field known as cryptovirology. Ransomware can make people millions of dollars.


Ransomware commonly expects the user to pay in one of the following forms, mostly cryptocurrency:

  • Bitcoin
  • MoneyPak
  • PayPal
  • Monero

Popular ransomware

External Links and References