Ransomware is a type of malware that infects computer systems, restricting access to the infected systems. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts state that the systems are locked or that files are encrypted. Users are told that unless a ransom is paid, access cannot be restored. The ransom varies but is frequently $200–$400 dollars and must be paid in virtual currency, such as Bitcoin.
Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user's knowledge.
Crypto ransomware, a malware variant that encrypts files, is spread through similar methods and can be spread through social media, such as Web-based instant messaging applications. Additionally, newer methods of ransomware infection were observed. For example, vulnerable Web servers were exploited as an entry point to gain access into an organization's network.