Ransomware is malicious software that will block access to the computer or your files.

Types of ransomware


A scareware will masquerade as security software. It will display an alert message telling you that malware has been detected. The only way to remove it is to pay for its removal. In reality, your files are safe but the scareware will want you to believe otherwise and will insist heavily :)

Screen lockers

A screen-locking ransomware will, as the name suggests, prevent you from accessing your computer. You will usually get a screen modeled after that of a government institution, such as the FBI or the Department of Justice, that informs you that illegal activity has been detected and that you need to pay a fine.

Ransomware encryptors

It gets more complicated if you're dealing with an encrypting ransomware. The concept is this: the ransomware author steals your files, encrypts them and demands a ransom. A dilemma arises, even if you pay the ransom, you have no guarantee of recovering all your files. Encrypting ransomware has become much more sophisticated and now seeks to spread across the network and infect backups. They are becoming more and more sophisticated.


Method of operation

A ransomware will have a similar modus operandi to a Trojan horse by executing a payload. To do this, the ransomware will be able to exploit one or more known vulnerabilities or go through a phishing campaign. It will also be able to hide in an application, which is often the case of ransomware on mobile.


In late 2018, the Ryuk ransomware gained traction with numerous attacks on U.S. daily newspapers. Its modus operandi:

More information :

One of the largest ransomware attacks

It happened in the spring of 2017, WanaCry had about 200,000 victims from 150 countries. They were asked to pay a ransom in bitcoins.

More information about WanaCry : https://kb.prohacktive.io/index.php?action=ransomware&id=wannacry&lang=en

What to do in case of infection?

Should we pay the ransom? That is the question! The debate has just been reignited with the government reportedly allowing insurers to compensate ransomware victims. It's a dangerous game, if you play the game of paying ransom, it will encourage cybercriminals. And if we are not prepared for such a crisis, the company could go out of business.

Currently, a few decryptors exist that can recover data but they are not numerous. Here are the recommendations if you are a victim of ransomware:

How to protect yourself from ransomware ?

Here are some ideas :

One can consider going further in prevention by using solutions against phishing (such as Mailinblack) or to prevent the risk of vulnerability exploitation (such as Sherlock®)