Can infect files encrypted by ransomware

Detecting ransomware - this is how the encryption Trojans differ

What is ransomware

Ransomware is a kind of malware (short for "malicious software") used by cyber criminals. When a computer or network has been infected with ransomware, the malware blocks access to the system or encrypts its data. The cyber criminals then demand a ransom from their victims to release the data again. To protect yourself against a ransomware infection, a watchful eye and security software are recommended. After an infection, victims of such a malware attack have three options: they can pay the requested ransom, try to remove the malware, or reset the device. Attack vectors often used by extortion Trojans are the Remote Desktop Protocol, phishing emails and software vulnerabilities. A ransomware attack can target both private individuals and companies.

Identifying ransomware - the basic distinction

Two types of ransomware are particularly popular:

  • Locker ransomware: This type of malware blocks basic computer functions. For example, you are denied access to the desktop while the mouse and keyboard are only partially active. So you can still interact with the ransom note window to make the payment. Other than that, the computer is useless in such a case. But there is good news: Locker malware usually doesn't target critical files; it just wants to lock you out. A complete destruction of your data is therefore less likely.
  • Crypto ransomware: The goal of crypto ransomware is to encrypt your important data, such as documents, pictures and videos, without affecting basic computer functions. This spreads panic because users can see their files but cannot access them. Crypto developers often add a countdown to their ransom note: "If you don't pay the ransom within the deadline, all your files will be deleted." And given the number of users who are unaware of the need for backups in the cloud or on external physical storage devices, crypto ransomware can wreak havoc. Accordingly, many victims pay the ransom just to get their files back.

Locky, Petya and Co.

Now you know what ransomware is and you know the two main types. Below you will learn about well-known examples of ransomware that will help you classify the dangers it poses:


Locky

Locky is ransomware that was first used in 2016 by a group of organized hackers. Locky encrypted over 160 file types and spread via fake emails with infected attachments. Users fell for the email trick and installed the ransomware on their PCs. This method of dissemination is called phishing, and it is a form of so-called social engineering. Locky ransomware targets file types that are often used by designers, developers, engineers, and testers.


WannaCry

WannaCry was a ransomware attack that spread to over 150 countries in 2017. It was designed to exploit a vulnerability in Windows that was created by the NSA and leaked by the Shadow Brokers hacking group. WannaCry affected 230,000 computers worldwide. The attack hit a third of all NHS hospitals in the UK and caused an estimated £92 million in damage. Users were locked out and a ransom in the form of Bitcoin was demanded. The attack brought the problem of obsolete systems into the limelight, as the hacker was using a vulnerability in the operating system for which a patch had existed for a long time at the time of the attack. The worldwide financial damage caused by WannaCry was approximately 4 billion US dollars.

Bad Rabbit

Bad Rabbit was a ransomware attack from 2017 that spread through so-called drive-by attacks. Insecure websites were abused to carry out the attacks. In a drive-by ransomware attack, a user visits a real website, not knowing that it has been compromised by hackers. For a drive-by attack, it is usually sufficient for a user to access such a compromised page. In this case, however, running an installer that contained cloaked malware resulted in the infection. This is called a malware dropper. Bad Rabbit asked the user to perform a fake Adobe Flash installation in order to infect the computer with malware.