Reading Time: 2 minutes

What is ransomware and how does it works?


Ransomware is a malicious software that encrypts victims data and make unusable until victim pay the attacker in Bitcoin. It uses cryptography technology. Attacker decrypts the files only if the victims pays the bitcoin amount within certain period of time. Usually decryption keys are moved from the victim system. If victim unable to pay the amount the decryption key will be removed from attacker which makes the system unusable.

There are different variants of Ransomware found such as wannacry, notpetya, samsam etc,. In year 2017 had major hit  all over the globe done by wannacry . It had a huge impact on NHS hospital which leads all the functionality got stopped until the data retained.

Still nobody can assure that attacker will send you the decryption key once they paid. It’s just because “nobody trust theives”.

How ransomware works?

Step 1: Ransomware comes in the form of email with attachment or website link . Once the user click the link the file gets downloaded from the control server and inspect the system for the check the flaws in the system such as missing patches in operating system, software vulnerabilities etc.


Step 2: Once user executed the file the malicious software talks with the Command and Control center and download the encryption code . From this point of time the script will executed, which starts the encryption process including the system file. All the files will be renamed to some different extensions according the variant of ransomware. For example for wannacry it will be file.wannacry for locky ransomware it is filename.locky

Thus the process continues.

Step 3: Once process of encryption completes, attacker will place his waring banner with bitcoin address and amount. And he will start the timer as well. Below shows the sample warning banner of wannacry ransomware. The attacker waits for the payment utill the timer stops. later the timer stops the decryotion key removed attackers database list. Each user has their own id to the used at the time of payment.

After the encryption attacker will remove decryption key and the traces of attack originated and how it came inside.

None of us can assure you that data will be safe even after you pay the amount to attacker.

I have already the written one document to be stay safe from ransomware. Here you can find the link for that.

© 2018, Techrunnr. All rights reserved.

Questions Answered
Articles Written
Overall Points
Categories: Security

Prabhin Prabharkaran

He is Technical professional. He is a person who loves to share tricks and tips on the Internet. He Posts what he does!!


Leave a Reply