
SCARS Institute’s Encyclopedia of Scams™ Published Continuously for 25 Years

SCARS™ Cybersecurity Guide: Protecting Against Ransomware
All about ransomware
Ever wondered what all the ransomware fuss is about? You’ve heard about it at the office or read about it in the news. Maybe you’ve got a pop-up on your computer screen right now warning of a ransomware infection. Well, if you’re curious to learn all there is to know about ransomware, you’ve come to the right place. We’ll tell you about ransomware’s different forms, how you get it, where it came from, who it targets, and what to do to protect against it.
Ransom malware, or ransomware, is a type of malware that prevents users from accessing their system or personal files and demands a ransom payment in order to regain access. The earliest variants of ransomware were developed in the late 1980s, and payment was to be sent via snail mail. Today, ransomware authors order that payment be sent via cryptocurrency or credit card.
[lwptoc]What Is Ransomware?
Ransomware is a type of malware threat actors use to infect computers and encrypt computer files until a ransom is paid. After the initial infection, ransomware will attempt to spread to connected systems, including shared storage drives and other accessible computers.
If the threat actor’s ransom demands are not met (i.e., if the victim does not pay the ransom), the files or encrypted data will usually remain encrypted and unavailable to the victim. Even after a ransom has been paid to unlock encrypted files, threat actors will sometimes demand additional payments, delete a victim’s data, refuse to decrypt the data, or decline to provide a working decryption key to restore the victim’s access. The Federal Government does not support paying ransomware demands.
How Does Ransomware Work?
Ransomware identifies the drives on an infected system and begins to encrypt the files within each drive. Ransomware generally adds an extension to the encrypted files, such as .aaa, .micro, .encrypted, .ttt, .xyz, .zzz, .locky, .crypt, .cryptolocker, .vault, or .petya, to show that the files have been encrypted—the file extension used is unique to the ransomware type.
Once the ransomware has completed file encryption, it creates and displays a file or files containing instructions on how the victim can pay the ransom. If the victim pays the ransom, the threat actor may provide a cryptographic key that the victim can use to unlock the files, making them accessible.
How Is Ransomware Delivered?
Ransomware is commonly delivered through phishing emails or via “drive-by downloads.” Phishing emails often appear as though they have been sent from a legitimate organization or someone known to the victim and entice the user to click on a malicious link or open a malicious attachment. A “drive-by download” is a program that is automatically downloaded from the internet without the user’s consent or often without their knowledge. It is possible the malicious code may run after download, without user interaction. After the malicious code has been run, the computer becomes infected with ransomware.
What Can You Do To Protect My Data And Networks?
Back up your computer. Perform frequent backups of your system and other important files, and verify your backups regularly. If your computer becomes infected with ransomware, you can restore your system to its previous state using your backups.
Store your backups separately. A best practice is to store your backups on a separate device that cannot be accessed from a network, such as on an external hard drive. Once the backup is completed, make sure to disconnect the external hard drive or a separate device from the network or computer.
Train your organization. Organizations should ensure that they provide cybersecurity awareness training to their personnel. Ideally, organizations will have regular, mandatory cybersecurity awareness training sessions to ensure their personnel is informed about current cybersecurity threats and threat actor techniques. To improve workforce awareness, organizations can test their personnel with phishing assessments that simulate real-world phishing emails.
What Can You Do To Prevent Ransomware Infections?
Update and patch your computer. Ensure your applications and operating systems (OSs) have been updated with the latest patches. Vulnerable applications and OSs are the targets of most ransomware attacks.
Use caution with links and when entering website addresses. Be careful when clicking directly on links in emails, even if the sender appears to be someone you know. Attempt to independently verify website addresses (e.g., contact your organization’s helpdesk, search the internet for the sender organization’s website or the topic mentioned in the email). Pay attention to the website addresses you click on, as well as those you enter yourself. Malicious website addresses often appear almost identical to legitimate sites, often using a slight variation in spelling or a different domain (e.g., .com instead of .net).
Open email attachments with caution. Be wary of opening email attachments, even from senders you think you know, particularly when attachments are compressed files or ZIP files.
Keep your personal information safe. Check a website’s security to ensure the information you submit is encrypted before you provide it.
Verify email senders. If you are unsure whether or not an email is legitimate, try to verify the email’s legitimacy by contacting the sender directly. Do not click on any links in the email. If possible, use a previous (legitimate) email to ensure the contact information you have for the sender is authentic before you contact them.
Inform yourself. Keep yourself informed about recent cybersecurity threats and up to date on ransomware techniques. You can find information about known phishing attacks on the Anti-Phishing Working Group website. You may also want to sign up for CISA product notifications, which will alert you when a new Alert, Analysis Report, Bulletin, Current Activity, or Tip has been published.
Use and maintain preventative software programs. Install antivirus software, firewalls, and email filters—and keep them updated—to reduce malicious network traffic.
How Do You Respond To A Ransomware Infection?
Isolate the infected system. Remove the infected system from all networks, and disable the computer’s wireless, Bluetooth, and any other potential networking capabilities. Ensure all shared and networked drives are disconnected whether wired or wireless.
Turn off other computers and devices. Power-off and segregate (i.e., remove from the network) the infected computer(s). Power-off and segregate any other computers or devices that shared a network with the infected computer(s) that have not been fully encrypted by ransomware. If possible, collect and secure all infected and potentially infected computers and devices in a central location, making sure to clearly label any computers that have been encrypted. Powering-off and segregating infected computers and computers that have not been fully encrypted may allow for the recovery of partially encrypted files by specialists.
Secure your backups. Ensure that your backup data is offline and secure. If possible, scan your backup data with an antivirus program to check that it is free of malware.
What Do You Do If My Computer Is Infected With Ransomware?
- Home users: immediately contact your local FBI office or local U.S. Secret Service office to request assistance.
- Organizations: immediately report ransomware incidents to your IT helpdesk or security office.
- All users: change all system passwords once the ransomware has been removed. You can submit ransomware files to CISA for analysis via https://www.malware.us-cert.gov/MalwareSubmission/pages/submission.jsf
More Information About Ransomware
- CISA Ransomware page
- CISA Malware Analysis Submission page
- Protecting Against Malicious Code
- Handling Destructive Malware
- Carnegie Mellon Software Engineering Institute blog post: Ransomware: Best Practices for Prevention and Response
- FBI article: Incidents of Ransomware on the Rise
- FBI Tech Tuesday: Building a Digital Defense Against Ransomware at Home
- MalwareBytes – What Is Ransomware and How To Remove It
More Help
If you are a company, agency, or organization the SCARS US|GCP services division can help you avoid socially engineered attacks.
Contact them at www.USGCP.com
SCARS™ Team
A SCARS Division
Miami Florida U.S.A.
Portions from: United States Department of Homeland Security – CISA
TAGS: Ransomware, Malware, Cybersecurity, Guide, Attact, Intrusion, Infection, Virus, Socially Engineered Attacks, Protections, Data, Network, Computer,
END
MORE INFORMATION
– – –
Tell us about your experiences with Romance Scammers in our Scams Discussion Forum on Facebook »
– – –
FAQ: How Do You Properly Report Scammers?
It is essential that law enforcement knows about scams & scammers, even though there is nothing (in most cases) that they can do.
Always report scams involving money lost or where you received money to:
- Local Police – ask them to take an “informational” police report – say you need it for your insurance
- Your National Police or FBI (www.IC3.gov »)
- The SCARS|CDN™ Cybercriminal Data Network – Worldwide Reporting Network HERE » or on www.Anyscam.com »
This helps your government understand the problem, and allows law enforcement to add scammers on watch lists worldwide.
– – –
Visit our NEW Main SCARS Facebook page for much more information about scams and online crime: www.facebook.com/SCARS.News.And.Information »
To learn more about SCARS visit www.AgainstScams.org
Please be sure to report all scammers HERE » or on www.Anyscam.com »
Legal Notices:
All original content is Copyright © 1991 – 2020 SCARS All Rights Reserved Worldwide & Webwide. Third-party copyrights acknowledge.
SCARS, RSN, Romance Scams Now, SCARS|WORLDWIDE, SCARS|GLOBAL, SCARS, Society of Citizens Against Relationship Scams, Society of Citizens Against Romance Scams, SCARS|ANYSCAM, Project Anyscam, Anyscam, SCARS|GOFCH, GOFCH, SCARS|CHINA, SCARS|CDN, SCARS|UK, SCARS Cybercriminal Data Network, Cobalt Alert, Scam Victims Support Group, are all trademarks of Society of Citizens Against Relationship Scams Incorporated.
Contact the law firm for the Society of Citizens Against Relationship Scams Incorporated by email at legal@AgainstScams.org
-/ 30 /-
What do you think about this?
Please share your thoughts in a comment below!
Article Rating
Table of Contents
POPULAR ARTICLES
RATE THIS ARTICLE?
LEAVE A COMMENT?
Recent Comments
On Other Articles
on Buried Cell Phones/Smartphones & Hidden Cameras – New Cybercrime – Cyber Surveillance by Local Criminals – 2025: “This is beyond concerning. To be tracked at your home is obviously a huge violation of privacy. Thank you for…” Jun 13, 06:56
on Scam Victim’s Learning Process [INFOGRAPHIC]: “The commitment to learning and recovering from the scam is indeed overwhelming. At first I struggled to comprehend the material…” Jun 12, 20:54
on Victim’s Bias – A Cognitive Bias Affecting Crime Victims: “I did in the early days after my crime ended tend to think only another crime victim would understand me…” Jun 9, 19:52
on Long Term Fear & Phobias From Scam Victim Trauma 2021 [UPDATED 2024]: “Great article, well written! I especially liked the short video at the end about trauma and our ANS. I need…” Jun 9, 19:00
on Victim Expectations And Recovery Failure: “I have made the commitment to learn as much as I can about myself, the criminal’s tactics, and how I…” Jun 9, 16:35
on Psychological & Emotional Abuse During A Romance Scam: “This article is very concise in spelling out the effects of psychological and emotional abuse. It is ironic that 30…” Jun 8, 20:11
on Dissociative Amnesia – Psychology of Scams: “I am glad there are ways to handle this type of amnesia. When I realized my fraud, it was very…” Jun 8, 19:38
on Barnum Statements – Manipulative Technique Used by Magicians, Con Artists, and Scammers – 2025: “This is a very helpful article, it makes sense and I will be thinking about it. Thank you” Jun 8, 14:52
on Barnum Statements – Manipulative Technique Used by Magicians, Con Artists, and Scammers – 2025: “During the course of my romantic fraud , I heard many of these “Barnum statements ” from the mouth of…” Jun 7, 08:58
Important Information for New Scam Victims
- Please visit www.ScamVictimsSupport.org – a SCARS Website for New Scam Victims & Sextortion Victims
- Enroll in FREE SCARS Scam Survivor’s School now at www.SCARSeducation.org
- Please visit www.ScamPsychology.org – to more fully understand the psychological concepts involved in scams and scam victim recovery
If you are looking for local trauma counselors please visit counseling.AgainstScams.org or join SCARS for our counseling/therapy benefit: membership.AgainstScams.org
If you need to speak with someone now, you can dial 988 or find phone numbers for crisis hotlines all around the world here: www.opencounseling.com/suicide-hotlines
A Note About Labeling!
We often use the term ‘scam victim’ in our articles, but this is a convenience to help those searching for information in search engines like Google. It is just a convenience and has no deeper meaning. If you have come through such an experience, YOU are a Survivor! It was not your fault. You are not alone! Axios!
A Question of Trust
At the SCARS Institute, we invite you to do your own research on the topics we speak about and publish, Our team investigates the subject being discussed, especially when it comes to understanding the scam victims-survivors experience. You can do Google searches but in many cases, you will have to wade through scientific papers and studies. However, remember that biases and perspectives matter and influence the outcome. Regardless, we encourage you to explore these topics as thoroughly as you can for your own awareness.
Statement About Victim Blaming
Some of our articles discuss various aspects of victims. This is both about better understanding victims (the science of victimology) and their behaviors and psychology. This helps us to educate victims/survivors about why these crimes happened and to not blame themselves, better develop recovery programs, and to help victims avoid scams in the future. At times this may sound like blaming the victim, but it does not blame scam victims, we are simply explaining the hows and whys of the experience victims have.
These articles, about the Psychology of Scams or Victim Psychology – meaning that all humans have psychological or cognitive characteristics in common that can either be exploited or work against us – help us all to understand the unique challenges victims face before, during, and after scams, fraud, or cybercrimes. These sometimes talk about some of the vulnerabilities the scammers exploit. Victims rarely have control of them or are even aware of them, until something like a scam happens and then they can learn how their mind works and how to overcome these mechanisms.
Articles like these help victims and others understand these processes and how to help prevent them from being exploited again or to help them recover more easily by understanding their post-scam behaviors. Learn more about the Psychology of Scams at www.ScamPsychology.org
Psychology Disclaimer:
All articles about psychology and the human brain on this website are for information & education only
The information provided in this article is intended for educational and self-help purposes only and should not be construed as a substitute for professional therapy or counseling.
While any self-help techniques outlined herein may be beneficial for scam victims seeking to recover from their experience and move towards recovery, it is important to consult with a qualified mental health professional before initiating any course of action. Each individual’s experience and needs are unique, and what works for one person may not be suitable for another.
Additionally, any approach may not be appropriate for individuals with certain pre-existing mental health conditions or trauma histories. It is advisable to seek guidance from a licensed therapist or counselor who can provide personalized support, guidance, and treatment tailored to your specific needs.
If you are experiencing significant distress or emotional difficulties related to a scam or other traumatic event, please consult your doctor or mental health provider for appropriate care and support.
Also read our SCARS Institute Statement about Professional Care for Scam Victims – click here to go to our ScamsNOW.com website.
Thank you for your comment. You may receive an email to follow up. We never share your data with marketers.