Ransomware is a type of malicious software that blocks access to a device or to digital files and then demands a ransom payment to restore access. Some ransomware families prevent use of the device by locking the screen, while others prevent access by encrypting files.

Basic operating logic

After infecting a system, ransomware commonly:

  • Encrypts files and restricts user access.
  • Displays a warning or ransom note to communicate payment demands.
  • In some cases, requests payment through digital payment methods.
  • May establish persistence so it can run again after reboot.
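
One way a defender could turn the behaviours listed above into a detection rule, as an added example that is not from the cited source. The event schema, action names, process names, thresholds and sample events are all constructed assumptions; a process is reported only when at least two of the behaviours coincide, so a backup job that rewrites many files is not flagged on that alone.

```python
from collections import defaultdict

# Constructed sample telemetry: (seconds, process, action, path). The schema,
# action names and process names are assumptions, not a real EDR format.
EVENTS = (
    [(t, "backup.exe", "rewrite", f"/srv/data/f{t}.db") for t in range(5)]
    + [(10, "invoice_viewer.exe", "autostart_set", "logon")]
    + [(11 + i, "invoice_viewer.exe", "rewrite", f"/home/u/docs/{i}.docx")
       for i in range(6)]
    + [(20, "invoice_viewer.exe", "create", "/home/u/docs/RESTORE_FILES.txt"),
       (21, "invoice_viewer.exe", "create", "/home/u/pics/RESTORE_FILES.txt"),
       (25, "editor.exe", "rewrite", "/home/u/docs/plan.txt"),
       (26, "editor.exe", "create", "/home/u/docs/notes.txt")]
)

WINDOW = 30     # seconds considered one burst (assumed threshold)
BURST = 5       # distinct files rewritten inside WINDOW
NOTE_DIRS = 2   # same new file name created in this many directories

def score_processes(events):
    """Return {process: [indicators]} for processes showing >= 2 behaviours."""
    rewrites = defaultdict(list)                   # process -> [(t, path)]
    drops = defaultdict(lambda: defaultdict(set))  # process -> name -> {dirs}
    hits = defaultdict(set)
    for t, proc, action, path in sorted(events):
        if action == "rewrite":
            # Keep only rewrites still inside the sliding window.
            rewrites[proc] = [(ts, p) for ts, p in rewrites[proc]
                              if t - ts <= WINDOW] + [(t, path)]
            if len({p for _, p in rewrites[proc]}) >= BURST:
                hits[proc].add("mass_rewrite")      # files being encrypted
        elif action == "create":
            directory, _, name = path.rpartition("/")
            drops[proc][name].add(directory)
            if len(drops[proc][name]) >= NOTE_DIRS:
                hits[proc].add("repeated_note")     # ransom note per folder
        elif action == "autostart_set":
            hits[proc].add("persistence")           # runs again after reboot
    # One behaviour alone is common for benign software; require two.
    return {p: sorted(h) for p, h in hits.items() if len(h) >= 2}

if __name__ == "__main__":
    for proc, indicators in score_processes(EVENTS).items():
        print(proc, indicators)
```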


Ransomware (AA)

Types

In the cited source, ransomware is discussed in two main groups:

  • Locker ransomware: restricts access by locking the device or screen.
  • Crypto ransomware: restricts access by encrypting files.

Infection vectors

The source describes common ways ransomware spreads, including:

  • Email messages carrying malicious attachments/links (including phishing content)
  • Social engineering tactics to persuade users to click, download, or open files
  • Exploiting unpatched/outdated software vulnerabilities
  • Malicious redirections via certain ads or deceptive content

General stages of an attack

A ransomware attack is summarized in the source as typically involving:

  1. Gaining access to the system or getting the malware executed
  2. Encrypting files or locking the device
  3. Notifying the user of the ransom demand

Examples

Examples mentioned include CryptoLocker, WannaCry, and Petya.

Protection and preparedness (measures mentioned in the source)

The source highlights the following practices:

  • Security awareness training and post-training attack simulations
  • Keeping systems up to date (patch/update management)
  • Using anti-malware and anti-spam protections
  • Network controls such as firewalls and analyzing suspicious files in a sandbox
  • Preparing an incident response plan
  • Maintaining an off-site backup plan


Bibliographies

Anadolu Ajansı. “U.S. to Offer $10 Million Reward for Information on BlackCat Ransomware Group.” Anadolu Ajansı, March 28, 2024. Accessed December 30, 2025. https://www.aa.com.tr/tr/dunya/abd-fidye-yazilim-grubu-blackcat-hakkinda-bilgi-saglayanlara-10-milyon-dolar-odul-verecek/3177538


Çelik, Soner, and Barış Çeliktaş. “Güncel Siber Güvenlik Tehditleri: Fidye Yazılımlar.” Cyberpolitik Journal 3, no. 5 (Summer 2018): 105–132. Accessed December 30, 2025. https://dergipark.org.tr/en/download/article-file/536201

Author Information

Author: Hüsnü Umut Okur, December 30, 2025 at 6:55 AM

This article was created with the support of artificial intelligence.