Ransomware

What is Ransomware?

Ransomware is malicious software that encrypts files on a computer or an entire network and then demands a ransom payment in exchange for the decryption key. Attackers typically demand cryptocurrency such as Bitcoin because such payments are hard to trace. Even after paying, there is no guarantee that the data will actually be restored.

How does an attack unfold?

1. Infection

Usually via phishing emails with malicious attachments or links, insecure remote access (RDP), or compromised software downloads.

2. Reconnaissance

The malware explores the network, searching for additional systems and valuable data – often undetected for days.

3. Encryption

All discovered files (documents, images, databases) are locked with strong encryption. Without the attacker's key, they are completely unreadable.

4. Extortion

A ransom note appears on screen – typically with a countdown timer and threats to destroy the key or publish the stolen data.

Variants

Crypto Ransomware

Encrypts files using AES/RSA. The most common and dangerous form – well-known examples: WannaCry, REvil, LockBit.

Locker Ransomware

Locks the screen or the entire device without encrypting files. Generally easier to remove than crypto ransomware.

Double Extortion

The data is not only encrypted but also stolen beforehand; the attackers threaten to publish it if no ransom is paid.

RaaS (Ransomware-as-a-Service)

Attackers rent ready-made ransomware and its supporting infrastructure, much like a legitimate software subscription. This dramatically lowers the technical barrier for criminals.

Ransomware Demo

Click «Start Attack» and watch how ransomware encrypts files one by one – then the ransom note appears.

Your Files
- vacation_2024.jpg ✓ Readable
- accounting.xlsx ✓ Readable
- passwords.txt ✓ Readable
- diploma.pdf ✓ Readable
- customer_data.db ✓ Readable

Ransom note displayed once the demo has finished encrypting the files:

⚠️ YOUR FILES HAVE BEEN ENCRYPTED ⚠️
All your important files have been encrypted with AES-256 + RSA-2048.

To recover your files, send 0.05 BTC (~$3,100 USD) to:
bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh

You have 72:00:00 – after that the key will be destroyed.
Contact: decrypt@onion.dark | Attack ID: RW-2026-EN-00441

How to protect yourself

1. Regular backups: Follow the 3-2-1 rule – 3 copies, on 2 different media, 1 stored offline. A copy kept offline cannot be reached, and therefore cannot be encrypted, by ransomware.

2. Keep software updated: Many ransomware attacks exploit known vulnerabilities. Apply updates promptly to close these gaps.

3. Email caution: Never open attachments or links from unknown sources. Ransomware is frequently distributed via phishing emails.

4. Network segmentation: Separate critical systems from the rest of the network to prevent ransomware from spreading.

5. Antivirus & EDR: Modern endpoint security solutions can detect ransomware behavior and stop it before serious damage occurs.

6. Never pay the ransom: Paying funds further attacks and does not guarantee data recovery.
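The behavioral detection that item 5 refers to, which has to fire during the encryption stage described above, can be illustrated with a small heuristic detector run over a constructed stream of file events. This is an added example, not code from this page or from any EDR product. The event format, the process names and paths, the list of suspicious extensions, the canary file and the thresholds are all assumptions made for the illustration; the file names are borrowed from the demo above.

```python
import math
import os
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass
class FileEvent:
    """Hypothetical EDR-style file event (constructed format for this example)."""
    ts: float            # seconds since start of the trace
    pid: int             # process id that caused the event
    process: str         # process image name
    path: str            # file affected
    action: str          # "write" or "rename"
    content: bytes = b""  # bytes written (for "write" events)
    new_path: str = ""    # destination (for "rename" events)


# Assumed indicators: extensions ransomware families often append, and a decoy
# file that no legitimate program should ever modify.
SUSPICIOUS_EXTENSIONS = {".locked", ".encrypted", ".crypt"}
CANARY_PATHS = {"/home/user/docs/~canary_do_not_touch.docx"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. Encrypted (or compressed) data sits close to 8.0,
    while documents and source text usually stay well below 6."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def detect(events, window=5.0, burst_threshold=4, entropy_threshold=7.0):
    """Return (pid, reason) alerts. Two heuristics are combined:
    - "canary": a process touches a decoy file (alerts immediately)
    - "burst": one process produces >= burst_threshold high-entropy writes or
      suspicious renames inside a sliding window of `window` seconds."""
    recent = defaultdict(deque)  # pid -> timestamps of suspicious actions
    alerts, alerted = [], set()

    def raise_alert(pid, reason):
        if (pid, reason) not in alerted:
            alerted.add((pid, reason))
            alerts.append((pid, reason))

    for ev in sorted(events, key=lambda e: e.ts):
        suspicious = False
        if ev.path in CANARY_PATHS or ev.new_path in CANARY_PATHS:
            raise_alert(ev.pid, "canary")
            suspicious = True
        if ev.action == "write" and shannon_entropy(ev.content) >= entropy_threshold:
            suspicious = True
        if ev.action == "rename" and os.path.splitext(ev.new_path)[1].lower() in SUSPICIOUS_EXTENSIONS:
            suspicious = True
        if not suspicious:
            continue
        q = recent[ev.pid]
        q.append(ev.ts)
        while q and ev.ts - q[0] > window:   # drop actions that left the window
            q.popleft()
        if len(q) >= burst_threshold:
            raise_alert(ev.pid, "burst")
    return alerts


def build_sample_events():
    """Constructed telemetry: a benign editor and a process encrypting the demo files."""
    text = b"Quarterly report: revenue grew 4% over the prior period. " * 20
    # Constructed stand-in for ciphertext: every byte value equally frequent (entropy 8.0).
    ciphertext_like = bytes(range(256)) * 4
    events = [
        FileEvent(0.5, 1201, "winword.exe", "/home/user/docs/report.docx", "write", text),
        FileEvent(3.0, 1201, "winword.exe", "/home/user/docs/report.docx", "write", text),
    ]
    t = 10.0
    for name in ["vacation_2024.jpg", "accounting.xlsx", "passwords.txt", "diploma.pdf", "customer_data.db"]:
        path = f"/home/user/docs/{name}"
        events.append(FileEvent(t, 4477, "unknown.exe", path, "write", ciphertext_like))
        events.append(FileEvent(t + 0.1, 4477, "unknown.exe", path, "rename", new_path=path + ".locked"))
        t += 0.3
    events.append(FileEvent(t, 4477, "unknown.exe", next(iter(CANARY_PATHS)), "write", ciphertext_like))
    return events


def run_demo():
    return detect(build_sample_events())


if __name__ == "__main__":
    for pid, reason in run_demo():
        print(f"ALERT pid={pid} reason={reason}")
```

Running the block prints a burst alert for pid 4477 as soon as its fourth suspicious action lands inside the window (the second file's rename), followed by the canary alert; the editor process never triggers anything. Backup and compression tools also write high-entropy data, so a real product combines signals like these with process reputation and pairs the alert with an automatic response, such as suspending the process, before many more files are touched.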