Ransomware is a type of malicious software (or malware) that blocks victim’s access to the computer and demands to pay the ransom. The ransom and the official reason, why a victim should pay it, depends on the type of the virus. Some versions of ransomware claim that the payment should be made for avoiding the punishment of the governmental authority (usually, FBI or local agency), others inform that this is the only way to decrypt encrypted data. Additional behavior of ransomware parasites may involve stealing user’s sensitive information, terminating legitimate software (anti-virus, anti-spyware, etc.), showing survey warnings and causing other unwanted activities. The first variants of this type of malware were released in Russia. Since then, they showed up in almost every world’s country.
There are several types of ransomware programs that use different methods for making PC users to pay the ransom. At the moment of writing, there are three different versions:
File Encrypting Ransomware. This ransomware version is mostly spread with the help of trojans. Once it infiltrates computer, it finds the mostly used files and encrypts them. Traditionally, encrypted files include photos, music files, videos, art, business and other data that is considered important for the victim. In addition, such ransomware starts displaying a huge warning message claiming that the only way to decrypt encrypted data is to pay a ransom. In fact, it is right because the most of such malware deletes the shadow copies of files and prevents their recovery.
Non-Encrypting Ransomware. This type of ransomware blocks the entire PC system and seeks to threaten PC user into paying an invented fine. For that, it presents itself as the warning message of the governmental authority. Typically, hackers use such names as FBI, police and others. Once it infects the system, it checks it for illegal files, like pornographic content or unlicensed program versions on victim's computer. Once they are detected, a virus locks the computer down and starts displaying a huge warning message that looks like it belongs to some governmental authority. In this case, victim is informed that there are illegal files that were detected after scan on his/hers computer. In addition, user is asked to pay a fine in order to avoid getting into jail.
Typical ransomware parasites are very dangerous. Although they usually do not self-replicate, such threats can make lots of problems on your computer. They can make your vital information inaccessible, they can steal your valuable data and destroy the entire system. It is highly recommended NOT to pay ransom, which is asked by this threat because that doesn't help to remove the parasite and restore affected information.
The most of ransomware parasites are able to propagate themselves and infect their target PC systems without users' knowledge. They can affect computers running Windows operating system, Mac OS X, Android and other operating systems. There are two major ways how these parasites can get into your computer.
Trojan Horse and other malware. The most of ransomware parasites are spread with the help of trojans. Trojan.Lockscreen is the mostly used threat for installing ransomwares on the system. They get into the system without user's knowledge as they tend to arrive in files attached to e-mail messages that present themselves as messages from reputable parties, such as Amazon, ebay, financial institutions, etc. Once user is tricked into downloading such attachment to computer, the trojan, which is related to ransomware, is also installed on it.
Fake pop-up notifications. Another part of ransomware pests are distributed by fake pop-up notifications that can be seen either on illegal or on legitimate websites. Mostly, they are set to report about missing updates but they can also "inform" you about a need to scan the system for free and remove viruses from it. These ads are usually filed with unsuspicious names and legitimate logos, so they can trick even the most experienced PC user into clicking them.
Cryptolocker is a malicious ransomware, which encrypts important victim's files and offers to purchase the decryption key by paying the specific ransom. Once executed, this parasite checks the system and blocks the most valuable files. Typically, it looks for business documents, images, video files and other files that could scare the victim and make him/her concerned after discovering that these files can't be opened. In addition, it shows a message threatening the user that these files will be lost forever. Of course, Cryptolocker gives a chance to recover these files by paying a ransom
FBI virus is yet another typical example of ransomware. It doesn't block the files, but, instead of that, it blocks the entire PC system and then starts showing a fake warning message. Typically, this message claims that user was noticed for his or hers illegal activity on the Internet. You can be informed about illegal visiting of pornographic websites and similar activities. In addition, the parasite claims that victim can be sent to jail and that the only way to avoid it is to pay a ransom. After paying it, FBI virus stops blocking the system. However, it doesn't mean that there are no malicious files on it anymore.
Your browser has been blocked. This is a clear example of browser-locking ransomware. It can also be called as a scareware because it doesn't infect the PC system. Instead of doing that, it blocks the browser and asks to pay the fine for visiting illegal websites. That's the least aggressive example of ransomware as it can be eliminated just by terminating the affected web browser.
In case of the ransomware infection, it is not recommended paying the ransom. There are lots of people who have lost their money in this way. Also, do not believe messages stating that you are dealing with governmental authorities because it's not true. Usually, such statements are displayed just for pushing people into paying ransoms. Fortunately, the most of antivirus and anti-spyware software can easily find ransomware files on the system and remove each of them. The most powerful anti-spyware solutions can be found in each description of ransomware virus and in the Software section.
If your system is blocked and you can't launch anti-spyware to remove your ransomware, try these options:
If our recommended tool failed to help you fix your computer, you should perform these alternative steps: