Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

What is ransomware and how can you stop it?

Ransomware is a type of malware that encrypts your data or locks your screen until you pay a ransom. Imagine you just finished that thesis you’ve spent years working on. The next day you switch your device on and see a blinking red message informing you that you can’t access your files unless you pay 500 USD. You’ve just been hit by a ransomware attack. Learn more about this type of attack below.

Paulius Ilevičius

Paulius Ilevičius

What is ransomware and how can you stop it?

How does ransomware work?

Ransomware is a type of malware that hackers use to encrypt the victim’s data and then demand a ransom to restore it. This type of ransomware is called crypto ransomware. Hackers hold the key, without which the victim is unable to access the content. They usually require payments in untraceable cryptocurrency.

The second type of ransomware is ransom lockers. Instead of encrypting the victim’s data, hackers lock the screen of the device, blocking access to the files and the entire OS.

Different strains of ransomware include the dangerous maze ransomware and the strangely charitable GoodWill one. While scareware can be relatively harmless, doxware can threaten to publish your sensitive information to the public. Whatever the ransomware strain, it usually does substantial damage to its victims.

How does ransomware spread?

Ransomware’s infection methods do not differ significantly from other kinds of malware. You can get ransomware through a phishing email, a malicious link, a download from a suspicious website, or other social engineering tricks. Once activated, it encrypts the victim’s files. Finally, the malware or the hacker themselves will inform the victim on when and how to pay the ransom.

Anyone can be a ransomware target, but these entities are more likely to be attacked:

  • Big companies with significant financial resources. Cybercriminals tend to target those who are more likely to pay. As indicated in the latest NordLocker research into ransomware statistics, companies earning between 10 and 25 million USD are attacked the most, along with businesses with 51-200 employees.
  • Companies in the manufacturing and construction industries end up on cybercriminals’ radar most often, with transportation/logistics companies and Tech/IT businesses not far behind, as the report on ransomware statistics indicates.
  • Organizations handling sensitive data. Sometimes companies pay the ransom if the data is very sensitive, and losing it can cause significant damage. Therefore, healthcare companies are frequent targets due to the especially sensitive nature of the data they keep on file.
  • Individuals handling valuable data. Hackers might also threaten to expose confidential or compromising data or just destroy all the encrypted files in case they do not get the ransom.
  • Entities based in wealthier countries are more likely to be attacked because they can pay more. As the ransomware analysis suggests, attackers typically target entities in English-speaking and other Western countries.
  • Organizations and individuals with weaker security infrastructure or outdated software.

Ransomware removal

Anti-malware software or device resets may remove ransomware, but these methods are highly unlikely to save your files. It will probably be impossible to decrypt them unless you have the necessary key, though your files may be recoverable in some cases.

How to prevent ransomware

To minimize your risk, use these ransomware prevention methods:

  • Don’t download anything from suspicious websites, and don’t open suspicious links, emails or messages.
  • Always use common sense and your knowledge of social engineering techniques, especially if you work with sensitive data.
  • A secure backup is one of the best defenses against ransomware. Keep your most sensitive data in an encrypted cloud where only you will be able to access it.
  • Always keep your security software up to date.
  • If you notice any suspicious apps you do not recognize, get rid of them immediately. Read about different ways of removing malware from Android and iPhone.
  • If you work with sensitive data or have other reasons why you might be targeted with ransomware, try keeping a low profile online and don’t discuss your position on social networks.
  • Use strong passwords because some malware initiates brute-force attacks to crack them. Check our NordPass app for your password storage. It is secure and easy to use.
  • Use a VPN to encrypt your traffic so that no cybercriminal can intercept it and see what you do online. Our Threat Protection feature will also block suspicious websites and prevent your device from joining a botnet zombie army. Threat Protection scans your downloads to identify malware-ridden files, stops you from landing on malicious websites, and blocks trackers and intrusive ads on the spot.

Secure your internet connection and enhance your privacy with a VPN.

Can a VPN protect me from ransomware?

A VPN can’t stop ransomware, but it can make you less vulnerable to attacks. A VPN hides your IP and encrypts your traffic, improving your overall privacy and security on the internet.

However, you need to stay alert to protect yourself from phishing emails. These emails may contain malicious links or attachments that if clicked on/downloaded, install silent malware — including ransomware — onto your device. A VPN can’t prevent you from clicking on a link, so be cautious at all times. Also, a VPN only protects your data in transit. It does not encrypt your stored files or your computer system, so they can still be accessed by hackers to hold you at ransom.

The good news is that a premium VPN is legal and safe, and can actually go a long way to protecting you from illegal activity, including ransomware attacks. Combined with additional threat protection features, VPNs significantly improve your online privacy and alert you in case you are about to download an infected file. We recommend using a VPN as part of your anti-malware strategy.

PRO TIP: Avoid using personal devices for work, and vice versa. If you regularly access work resources and sensitive data through your own smartphone or computer, hackers could target you as a way to breach the rest of the company’s network.

What to do if you become a victim of ransomware

  • Remove it using anti-malware software or by wiping out your system. However, this will not save your files and you will not be able to pay the ransom.
  • Do not pay the ransom. Keep in mind that you are dealing with criminals, and there’s no guarantee you will get your data back even after paying. By paying, you also support the criminals and encourage their actions.
  • Immediately contact law enforcement.
  • Do some research to check whether the ransomware might be scareware, which tries to intimidate you without actually locking up your files.

Your online safety is paramount. A VPN is a useful, all-round tool to protect your privacy on the internet. Hiding your data from snoopers and cybercriminals, this service will stop hackers spying on your online activities. NordVPN’s encryption key has more combinations than there are atoms in our universe. As soon as a criminal realizes that you’ve got a VPN on your side, they’ll move on to easier prey.

Online security starts with a click.

Stay safe with the world’s leading VPN


Paulius Ilevičius
Paulius Ilevičius Paulius Ilevičius
Paulius Ilevičius is a technology and art enthusiast who is always eager to explore the most up-to-date issues in cybersec and internet freedom. He is always in search for new and unexplored angles to share with his readers.