Home » Spin.AI Blog » Cybersecurity » Ransomware: Definition, Types, Recovery, And Prevention
November 6, 2020 | Updated on: April 23, 2024 | Reading time 7 minutes

Ransomware: Definition, Types, Recovery, And Prevention

Avatar photo

Vice President of Product

What is ransomware?

Ransomware is a type of malware that prevents users from accessing their data or using their device. In most cases, it encrypts the files and offers a decryption key in return for a ransom.

Types of ransomware:

By the effect on system:

  • Scareware makes users believe that there’s a virus on their computer and they need to purchase special software to remove it.
  • Locker terminates operations on a PC preventing users from accessing files and programs.
    • Mobile locker acts the same but instead of PC files blocks the mobile device.
  • Crypto encrypts all the files. A user can access a file, but the information within it is corrupted.
  • Leakware doesn’t harm the user’s files. Instead, it collects the information and sends it to a cybercriminal. The ultimate goal is to blackmail the user threatening the leak the data.

By the target technology:

By effect on previous file versions:

  • No effect
  • The malware encrypts all the versions of a file

Ransomware examples:

Cerber, Locky, CryLocker, CryptoLocker, Jigsaw, Ryuk, Spider, Petya, NotPetya, GoldenEye

Read about the recent examples of ransomware.

How ransomware works


Trick human into downloading a file> Infect > Encrypt > Demand ransom


Trick human into giving access to their cloud drive > Infect > Encrypt > Demand ransom

Read more about ransomware in action.

Channels of ransomware spread:

  1. Emails with links or file attachments:
    • Spam emails are sent to hundreds of people. They are usually of low quality and contain many mistakes.
    • Spoofing is pretending to be a trustworthy sender (mostly well-known and trusted organization like Amazon, Google, or Microsoft)
    • Spear phishing is pretending to be the authority of the recipient’s organization (e.g., a CEO).
  2. Posts on social networking websites that contain a link to malicious software
  3. Botnets. A computer that has previously been infected and becomes a part of a botnet can be an easy target for ransomware.
  4. Malvertising is advertising on a trusted website that redirects to a malicious website.
  5. Compromised websites. Cybercriminals look for vulnerabilities in trusted resources and inject malicious code. Alternatively, they create their own websites, often with prohibited content.
  6. Applications and programs from trusted developers can contain vulnerabilities. Hackers would look for them and exploit them to inject malicious code.
  7. Infected hardware, for example, removable media.

How to remove and recover from ransomware:

If you don’t have a backup follow the steps below:

  1. Isolate your device from the network and other devices
  2. Make screenshots and copy the ransom demand note
  3. Report the crime to authorities
  4. Check if previous versions of your files are also encrypted.
  5. If no:
    • Run the antivirus software to eliminate ransomware.
    • Then restore files.
  6. If your file versions are also corrupted:
    • Use online tools to determine your type of ransomware
    • Look for and download decryption keys
  7. If your ransomware is new and there are no decryption keys, estimate the consequences of paying ransom vs. deleting your files and act accordingly.
  8. Take the necessary steps to prevent getting ransomware in the future.

Keep in mind that these steps do not guarantee the recovery of your files unless you have backup or DLP.

How to prevent a ransomware attack

There are multiple strategies to defend against this type of malware. Here are four simple measures:

  1. Educate your employees about social engineering techniques
  2. Purchase backup tools
  3. Purchase anti-ransomware software
  4. Alternatively, purchase a tool that backs up your data and eliminates ransomware at the same time.

Was this helpful?

Thanks for your feedback!
Avatar photo

Vice President of Product

About Author

Davit Asatryan is the Vice President of Product at Spin.AI

He is responsible for executing product strategy by overseeing the entire product lifecycle, with a focus on developing cutting-edge solutions to address the evolving landscape of cybersecurity threats.

He has been with the company for over 5 years and specializes in SaaS Security, helping organizations battle Shadow IT, ransomware, and data leak issues.

Prior to joining Spin.AI, Davit gained experience by working in fintech startups and also received his Bachelor’s degree from UC Berkeley. In his spare time, Davit enjoys traveling, playing soccer and tennis with his friends, and watching sports of any kind.

Featured Work:

How Can You Maximize SaaS Security Benefits?

Let's get started with a live demo

Latest blog posts

Beyond Add-Ons: Elevating Browser Governance Against Malicious and ...

Browser extensions, plugins, add-ons – these tools may have many names but they have even... Read more


Perception Point

backup comparison checlist

Regulations and Best Practices for Office 365 Backups: Europe Edition

Why do you need special accommodations for Office 365 Backups in Europe? For businesses using... Read more

Avatar photo

CEO and Founder

Top 10 Low-Risk Applications and Extensions for Google Workspace

Top 10 Low-Risk Applications and Extensions for Google Workspace

Google Workspace is an extremely popular SaaS productivity suite used by millions of organizations today.... Read more

Avatar photo

Vice President of Product