Ransomware Attack Explained: What It Is & How It Works

Ransomware Attack Image

May 2017 marked what many experts considered a global epidemic with Wannacry. Analysts say this worldwide cyberattack impacted around 200 000 Microsoft Windows computers across 150 nations. Wannacry resulted in a financial loss from hundreds of millions to billions of dollars. This tells us one thing: ransomware is real and has destructive effects. Let’s explore how it works.

What is a ransomware attack?

This is malicious software designed to encrypt data on a computer or prevent further access and then demand a payoff to return everything to normal. In some cases, this attack may threaten to publish the target’s personal files unless, again, they pay a ransom.

A key feature of this malware is the use of crypto, particularly Bitcoin. This is because digital currencies are anonymous by nature. Therefore, once you settle the ransom, it is almost impossible to trace any information on the receiver.

Most ransomware enters a person’s device through social engineering tactics.

How does ransomware work?

While there are several types of ransomware attack, the modus operandi is relatively the same. These attacks typically spread through email attachments, drive-by downloads, malvertising, or other seemingly harmless online links.

Once the user clicks on the link, this action automatically downloads the malware. It will immediately encrypt certain files with a weird extension to make them inaccessible or block the entire operating system.

Before long, access to the device is restricted, and the user will typically see an alarming message demanding payment.

What are the types of ransomware?


A ’locker’ blocks you from the entire system (instead of targeting specific files) with a lock screen suggesting a ransom.

Crypto ransomware

The software encrypts particular files like documents, videos, and pictures. It will also have a screen demanding payment to receive the decryption solution for the data. The message will threaten to delete the files unless a payment is made.

Along with lockers, a countdown clock on the screen is a classic feature designed to amplify the urgency of the demand.


Ransomware-as-a-service (RaaS) is a system where ransomware operators offer their package to affiliates as a subscription, with the latter earning a percentage of each successful ransom.


This is malicious software designed to trick the victim into buying or downloading a quick-fix solution to remove a supposed computer virus. Clicking on the link results in the theft of personal data or a ransomware attack.


This is malware (which comes from “doxing”) that intimidates to leak a victim’s data unless they pay a ransom.

Android ransomware

This is targeted at Android mobile devices. It functions like ordinary malware by locking users out of their operating system, encrypting data, or threatening to expose certain information to the public unless money is exchanged.

Mac ransomware

As you may have guessed, this malicious software targets Mac computing devices.


Ransomware attacks are hazardous. Users must take online security seriously to protect against the many cyber threats. Duckist is part of the solution to help you share passwords, secret messages, and files with encryption so no one can view or steal your data once it’s been received.