Home » Spin.AI Blog » Cybersecurity » Ransomware: Definition, Types, Recovery, And Prevention
November 6, 2020 | Updated on: March 25, 2024 | Reading time 7 minutes

Ransomware: Definition, Types, Recovery, And Prevention

What is ransomware?

Ransomware is a type of malware that prevents users from accessing their data or using their device. In most cases, it encrypts the files and offers a decryption key in return for a ransom.

Types of ransomware:

By the effect on system:

  • Scareware makes users believe that there’s a virus on their computer and they need to purchase special software to remove it.
  • Locker terminates operations on a PC preventing users from accessing files and programs.
    • Mobile locker acts the same but instead of PC files blocks the mobile device.
  • Crypto encrypts all the files. A user can access a file, but the information within it is corrupted.
  • Leakware doesn’t harm the user’s files. Instead, it collects the information and sends it to a cybercriminal. The ultimate goal is to blackmail the user threatening the leak the data.

By the target technology:

By effect on previous file versions:

  • No effect
  • The malware encrypts all the versions of a file

Ransomware examples:

Cerber, Locky, CryLocker, CryptoLocker, Jigsaw, Ryuk, Spider, Petya, NotPetya, GoldenEye

Read about the recent examples of ransomware.

How ransomware works


Trick human into downloading a file> Infect > Encrypt > Demand ransom


Trick human into giving access to their cloud drive > Infect > Encrypt > Demand ransom

Read more about ransomware in action.

Channels of ransomware spread:

  1. Emails with links or file attachments:
    • Spam emails are sent to hundreds of people. They are usually of low quality and contain many mistakes.
    • Spoofing is pretending to be a trustworthy sender (mostly well-known and trusted organization like Amazon, Google, or Microsoft)
    • Spear phishing is pretending to be the authority of the recipient’s organization (e.g., a CEO).
  2. Posts on social networking websites that contain a link to malicious software
  3. Botnets. A computer that has previously been infected and becomes a part of a botnet can be an easy target for ransomware.
  4. Malvertising is advertising on a trusted website that redirects to a malicious website.
  5. Compromised websites. Cybercriminals look for vulnerabilities in trusted resources and inject malicious code. Alternatively, they create their own websites, often with prohibited content.
  6. Applications and programs from trusted developers can contain vulnerabilities. Hackers would look for them and exploit them to inject malicious code.
  7. Infected hardware, for example, removable media.

How to remove and recover from ransomware:

If you don’t have a backup follow the steps below:

  1. Isolate your device from the network and other devices
  2. Make screenshots and copy the ransom demand note
  3. Report the crime to authorities
  4. Check if previous versions of your files are also encrypted.
  5. If no:
    • Run the antivirus software to eliminate ransomware.
    • Then restore files.
  6. If your file versions are also corrupted:
    • Use online tools to determine your type of ransomware
    • Look for and download decryption keys
  7. If your ransomware is new and there are no decryption keys, estimate the consequences of paying ransom vs. deleting your files and act accordingly.
  8. Take the necessary steps to prevent getting ransomware in the future.

Keep in mind that these steps do not guarantee the recovery of your files unless you have backup or DLP.

How to prevent a ransomware attack

There are multiple strategies to defend against this type of malware. Here are four simple measures:

  1. Educate your employees about social engineering techniques
  2. Purchase backup tools
  3. Purchase anti-ransomware software
  4. Alternatively, purchase a tool that backs up your data and eliminates ransomware at the same time.

Was this helpful?

Thanks for your feedback!
Avatar photo

Vice President of Product

About Author

Davit Asatryan is the Vice President of Product at Spin.AI

He is responsible for executing product strategy by overseeing the entire product lifecycle, with a focus on developing cutting-edge solutions to address the evolving landscape of cybersecurity threats.

He has been with the company for over 5 years and specializes in SaaS Security, helping organizations battle Shadow IT, ransomware, and data leak issues.

Prior to joining Spin.AI, Davit gained experience by working in fintech startups and also received his Bachelor’s degree from UC Berkeley. In his spare time, Davit enjoys traveling, playing soccer and tennis with his friends, and watching sports of any kind.

Featured Work:

Latest blog posts

Protecting Partner Margins: An Inside Look at the New Spin.AI Partn...

Google recently announced a 40% reduction in the partner margin for Google Workspace renewals –... Read more

Top-10 Salesforce Security Best Practices

Top 10 Salesforce Security Best Practices and Tips

In the ever-evolving threat landscape, safeguarding sensitive data is paramount. Salesforce, a leading customer relationship... Read more

Microsoft 365 Security Best Practices and Recommendations 2024

Microsoft 365 Security Best Practices and Recommendations 2024

Micorosft 365 is a business-critical cloud environment that contains terabytes of sensitive information. Protecting this... Read more