{"id":3032,"date":"2025-04-08T12:01:07","date_gmt":"2025-04-08T10:01:07","guid":{"rendered":"https:\/\/trustlab.upct.es\/2025\/04\/08\/que-es-un-ransomware\/"},"modified":"2025-09-19T10:47:26","modified_gmt":"2025-09-19T08:47:26","slug":"what-is-ransomware","status":"publish","type":"post","link":"https:\/\/trustlab.upct.es\/en\/2025\/04\/08\/what-is-ransomware\/","title":{"rendered":"What is ransomware?"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Ransomware is a type of malware (malicious software) specifically designed to block access to a victim’s files or systems, demanding an economic ransom usually in cryptocurrencies in exchange for their release.<\/strong> Its name comes from the combination of two English words: ransom and software.<\/p>

This type of threat is not new, but it has evolved at an enormous speed.<\/strong> Today, it represents one of the most dangerous, lucrative and sophisticated forms of cyber-attack<\/strong>. It no longer affects only individual users: companies, hospitals, universities and even governments have been victims of ransomware with losses running into millions of dollar<\/strong>s.<\/p>

In most cases, the process is simple but devastating: once the malware manages to infiltrate the system, it encrypts important files and displays a warning message<\/strong>. The attacker demands a payment (ransom) to deliver the decryption key that will allow the recovery of the hijacked information. And there is no guarantee that, after payment, the files will be available again<\/strong>.<\/p>

This type of attack has become a real business for digital organized crime<\/strong>. There are even ransomware-as-a-service<\/strong> models, where less technical attackers can rent the necessary tools and platforms to launch attacks<\/strong>.<\/p>

But… how do they get to infect our systems? And more importantly, how can we protect ourselves? Let’s break it all down step by step.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t

\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

How does a ransomware attack work?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

A ransomware attack follows a well-defined and highly effective sequence, in which the attacker looks for a vulnerability<\/strong>, a weakness in the system, a user malpractice or a security breach<\/strong> to exploit and thus introduce the malware. This process usually includes the following phases:<\/p>

  • Infection<\/strong>: Ransomware can arrive in a variety of ways, such as phishing emails with malicious attachments, infected links on web pages, pirated software downloads, compromised USB devices or exploiting vulnerabilities in outdated software<\/strong>.<\/li>
  • Malware execution<\/strong>: Once the infected file is opened or the user clicks on the link, the ransomware<\/strong> executes in the background. In many cases, even before the user notices anything strange, the encryption<\/strong> process has already begun.<\/li>
  • File encryption<\/strong>: The ransomware identifies the most important and sensitive files on the system, such as documents, databases, images and configuration files. It then encrypts them with a strong algorithm<\/strong> (such as AES or RSA<\/strong>), making them impossible to access without the correct key.<\/li>
  • Ransom message<\/strong>: Once the encryption is complete, a message appears on the screen informing the victim of what has happened and demanding a ransom. Typically, instructions to pay<\/strong> are offered (often in bitcoin<\/strong>), with threats to delete the data or increase the amount if not paid quickly.<\/li>
  • (Optional) Data exfiltration<\/strong>: Some modern versions of ransomware not only encrypt, but also steal sensitive information<\/strong>. This allows the attackers to further extort money from the victim: if they don’t pay, they threaten to leak the data publicly.<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t

    Types of ransomware: the most common <\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
    \n\t\t\t\t
    \n\t\t\t\t
    \n\t\t\t\t\t\t\t\t\t

    Ransomware has evolved into multiple variants. Some focus solely on encrypting files; others also lock the system or steal sensitive information. These are the most common:<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

    \n\t\t\t\t
    \n\t\t\t\t\t\t\t
    \n\t\t\t
    \n\t\t\t\t\t