🔒 Ransomware Ransomware
Malicious software that locks you out of your own files or computer (usually by encrypting them) and then demands a payment, the ransom, to give access back. The payment is almost always demanded in cryptocurrency.
🏠 The simple version — a burglar with your own safe
Picture a burglar who breaks in, locks all your belongings inside a safe right there in your house, and says they will only hand over the combination if you pay. Your things are still in front of you, but you can't use them. That's ransomware. The safe is encryption (a way of scrambling files so they're useless without the right key), and the combination is the decryption key the attacker is holding hostage.
🦠 How a computer catches it
Most infections start with a simple trick. A victim is fooled into running the malware through a phishing email attachment or link, a malicious ad, or out-of-date software that has a hole the attacker can exploit. Once it's running it quietly encrypts files and can spread across a whole network before a single ransom note ever appears.
- 📧 Phishing — a fake email gets you to open an attachment or click a link
- 📢 Malvertising — a poisoned online ad delivers the malware
- 🕳️ Old software — unpatched programs leave a hole attackers slip through
🧰 These are social engineering at work: the weakest link is usually a person being rushed or tricked, not the computer itself.
💸 Why the ransom is paid in crypto
Cryptocurrency moves across borders in minutes without a bank or an identity check getting in the way, which makes the money harder to freeze and slower to trace. That convenience for the attacker is the whole reason it shows up here — and it's the most common moment a beginner hears Bitcoin called the criminals' currency in the news.
| Coin | Share of ransoms | Why attackers pick it |
|---|---|---|
| ₿ Bitcoin | ~95% | Easy for a victim to buy and easy to cash out — high liquidity, not high privacy |
| ɱ Monero | ~5% | Some groups prefer it for stronger anonymity, sometimes at a discount |
🕵️ The myth of the untraceable payment
Beginners often assume that paying in Bitcoin makes the criminals vanish. In reality Bitcoin is pseudonymous, not anonymous: every transaction is permanently recorded on a public ledger. With coin-mixing and other tricks attackers try to muddy the trail, but blockchain-analysis tools let investigators often follow it anyway.
📜 Cases that made the news
- 🌍 WannaCry (2017) — spread through the EternalBlue exploit to hundreds of thousands of Windows PCs in days, demanded Bitcoin, and hit hospitals including the UK's NHS
- 🛢️ Colonial Pipeline (2021) — the DarkSide attack that paused a major US fuel pipeline; ransom paid in Bitcoin and partly recovered
- 🪙 GandCrab (2018) — the first known ransomware to demand payment in DASH
- 🏥 Locky (2016) — a Los Angeles hospital, Hollywood Presbyterian, paid about 40 BTC to get its systems back
🛡️ What actually protects you
- 💾 Backups — keep an offline or separate copy of important files; if originals get locked, you restore instead of pay
- 🔄 Updates — patching software closes the holes exploit kits rely on
- 🤔 Slow down — don't open surprise attachments or click links in a rush; that pause stops most phishing
- 🚫 Think hard before paying — paying funds the next attack and may get you nothing back
❓ FAQ
- Does paying in Bitcoin make the attackers untraceable?
- No. Bitcoin is pseudonymous, not anonymous. Every transaction sits on a public ledger, so investigators using blockchain-analysis tools can often follow the money. In the 2021 Colonial Pipeline case, the FBI traced and recovered about 63.7 of the roughly 75 BTC that had been paid.
- Why do ransomware attackers ask for crypto instead of cash or a bank transfer?
- Crypto moves across borders quickly without a bank or an identity check standing in the way, which makes the money harder to freeze and slower to follow. Bitcoin is used most often because it is easy for a victim to buy and easy for an attacker to cash out, not because it is the most private option.
- If I pay the ransom, will I definitely get my files back?
- No. Paying is a gamble. The attackers may take the money and never send a working key, or send a key that only restores some files. Security agencies generally advise against paying, and keeping offline backups is the reliable way to recover.