What is Ransomware Full Educational Guide

Computer viruses have existed since the beginning of human entry on the Internet, but it can be said that they existed before the Internet form that we see now, both from a technical point of view and from the point of view of human interaction with it.

The presence of viruses in digital life has become a normal and usual occurrence from time to time. Every once in a while a ferocious virus appears; Most antivirus programs cannot detect or eliminate it, and it terrifies computer users for some time.

Then the developers of anti-virus programs update and detect the protection system in these programs. This process is repeated every once in a while, and most of the most powerful viruses that have appeared did not cause panic to users for a period of more than several months.

Because even if antivirus programs are not able to eliminate the new virus, there are other ways to get rid of the virus in operating systems or even limit the process of its spread, such as deleting the system and reinstalling it after making a comprehensive scan of the infected part.

But the situation is different with the ransom virus, which will not be erased by removing the operating system and reinstalling it.

Our article today explains what the ransom virus is, why it is one of the fiercest computer malware, and how to protect your computer from it with simple steps, without technical complications or paying huge amounts of paid protection programs.

What is ransomware?

The term ransomware or ransomware in English is not a virus in the true sense of the word, but rather a malicious program through which the hacker (Hacker) encrypts the files on the victim’s computer, and to decrypt these files, the hacker asks for a sum of money in exchange for the decryption key.

Which may range in price from a few hundred dollars, sometimes to thousands of dollars, according to the nature of the files and their importance to the user. As for the payment, it is in the form of a digital currency, often Bitcoin .

Why is his name associated with the word virus? Well simply calling all programs that cause damage to the computer the word virus is common among non-professional computer users, but it is not an accurate label.

Because these programs are divided into several types according to the harm they do, and the nature of their interaction with the infected computer, as in nature, bacteria differ from viruses, for example, spyware differs from malware and so on.

To make it easier, we will refer most of the time to the ransom program as a virus in this article, and we will explain in an upcoming article the difference between computer malicious programs according to their damage and purpose of infecting the computer, and the correct name for each of them.

The most important methods that hackers use to send ransomware to the victim

There are many methods used by hackers to send the ransom virus to the victim’s computer, but we will discuss the most famous of these methods, which any computer user, regardless of their technical knowledge, may fall into:

1. Adding a ransomware file inside an app or game after jailbreaking it

This method is considered one of the most popular methods of hacking in general, and infecting the computer with the ransom virus in particular. While some may avoid opening suspicious messages they found in their e-mail, or even after opening them, they do not download their contents.

On the other hand, there is a large segment of computer users around the world who rely on pirated programs and games almost completely, which exposes their computers to infection with malicious programs and viruses of varying ferocity.

Some of these programs are as simple as showing pop-up ads extensively on the desktop of the infected computer. Another malicious program (known as a mining virus) may exploit all computer resources to mine digital currencies for the hacker in what is known as Crypto Jacking.

This virus is very common in pirated games, since often the user who is interested in downloading pirated games has a powerful graphic card to run them, which is what the mining process is based on.

Although constant ads appearing or using graphics processor power for mining are annoying, they can be eliminated by removing the game or the infected program while running an updated antivirus program, for example.

But for ransomware, it’s different. Once the program containing the virus is opened, all files on the user’s computer are encrypted, a process that cannot be reversed without a decryption key.

2. Visit sites that force download suspicious files

Pirated content sites always aim to make a profit through ads, and the ability to add ads from a trusted company that displays safe ads (such as Google Adsense ) is almost non-existent for these sites.

The owners of these sites turn to the networks that accept the presence of their ads on sites of pirated content or even pornographic content. Usually these companies do not set safe standards or conditions for accepting the advertisement with them.

You may open a page to watch a movie or series until an automatic download of a program whose size does not exceed a few megabytes ends with the extension .exe or msi.

The small size here is important so that the program file is downloaded to the computer before you can notice it and cancel the download. You may discover the presence of the program later within your downloaded programs, and you get confused and think that it is a program that you downloaded and forgot its purpose, so curiosity pushes you to open it so that the virus begins to work and spread.

3. Hacking the victim’s device by sending a malicious file as a normal file

You may find a message on your e-mail telling you that you have won a grand prize, and you must download a specific file and fill it with your own data to send the prize money. Once the file is downloaded and opened, the hacker can take control of your computer.

The process of hacking is easier if you grant administrative powers to this file while opening it, here the hacker can control and manage your entire operating system, which facilitates the hacking process, followed by encryption.

Note that hackers are improving the look and nature of the message, you may find it is sent from an email address that looks like the mailing addresses of trusted parties to deceive you, you may find the content of the message is very ordinary and resemble messages you receive regularly and actually interact with it.

4. Malicious links

Malicious links may come to you with the same idea as the files sent in an email that we mentioned in the previous point. The only difference is that some email services discover these files and prevent them from being sent, so the hacker sends a link when clicked to download the program. This method is a mixture of advertising links that download malicious programs automatically, and messages that contain the same programs.

5. Unknown Browser Add-ons

Maybe you liked a YouTube video and would like to download it to your computer, but you don’t want to use pirated or even non-pirated software to download that clip.

A friend suggested to you one of the Google Chrome extensions , it is often added to the browser manually, because it is not officially available on the Google Add-ons Store (I think this reason will make you doubt and keep you away from this extension), but you install the extension that works like magic and you like it very much .

Then you will be surprised by the disaster later, files have been encrypted or passwords in the browser have been stolen, you cannot access your accounts on social networking sites, and it may even amount to the theft of bank card data that you saved in the browser while you are making online purchases.

I do not want to bother you, but there are a huge number of add-ons that Google has officially adopted and included in the add-ons store, and it turned out later that they are malicious add-ons that collect information, show ads, or even mine.

So be careful in adding these add-ons to your browser, and read about this add-on in a focused manner before activating it, and simply if the extension is performing a suspicious process, or most sites do not allow it, it is often a suspicious add-on or contains malicious software.

The danger of the previous methods is that they may enable the hacker from your computer because of the behaviors that you normally did, so it is not possible to predict the time in which the danger will strike you, but as long as you practice any of the habits that we mentioned in the previous points, your computer and files are exposed to multiple dangers, The least is theft and the biggest is encryption.

There are other means through which the hacker can access your computer, and even control it and send a file or encrypt files and so on. But most of them are loopholes in programs or even operating systems and are quickly resolved, and in some cases, the victim is compensated.

I recall that the Windows operating system added a special program to protect against ransomware within its protection program, after the spread of the famous Wanna Cry ransomware attacks in 2017, which exploited loopholes in the Windows system to infiltrate computers, and the famous Ubuntu system issued security updates to raise the level of protection from This virus.

How do you protect your computer from ransomware?

There are several steps or general actions that we recommend that you follow as they enable you (to a large extent) as a user to avoid infecting your computer with the ransom virus, namely:

1. (I personally consider it the most important and strongest advice) Make a backup copy of the most important files you have, such as files related to your work or personal photos.

Update this copy permanently and keep it on a cloud storage service , in order to protect it in case the ransomware virus spreads to your computer or the storage devices you use.

2. Stay away from downloading pirated programs and games, as they are a primary source of malicious software, including the ransom virus.

3. Avoid entering websites that contain pirated or inappropriate content, or even contain a large number of pop-up ads.

4. The hacker may be able to enter your device through a loophole in the operating system, which often speeds up the system owner by issuing an update that closes it, so be sure to update your operating system permanently.

5. The operating system falls under the category of programs or Software, and therefore it is hacked like games and programs, but some may neglect it or not realize that the system that has been jailbroken or hacked is an inherent danger in their computer.

Therefore, we recommend using an original operating system, or even using it without activating it in the event that the activation price is high for you, and for the record, the Windows 10 operating system does not add to the user performance-related features when activated, activation only allows you to control some of the aesthetic features, which can be used in a way normal without it.

6. Do not open any email that you suspect of its content or the email address sent from it, and if you open it out of curiosity or by mistake, do not click on any links in it, no matter how tempting, and of course do not download any programs or files attached to it.

7. Use an independent antivirus program, and do not depend on the Windows Defender program attached to Windows 10, which despite its efficiency, is not up to the specialized programs in this field, of which free copies are available such as Avast and Kaspersky . Specialized programs provide excellent features and a high level of protection and security even without buying it.

Buying professional copies of these programs is useful, of course, and provides powerful tools and means of protection and great additional features, such as tools for cleaning the system from unused files, and remnants of program updates files, but relying on free copies is enough if you do not want to pay money, or do not care Additional features.

8. If you rely on flash drives or flash drives to transfer files to your PC, be sure to check them before opening them with your antivirus software.

9. Do not install or modify anonymous programs or drivers, as some of them may contain ransomware or other malicious programs.

10. Review any browser extension that you use, no matter how you think it is from a reliable party, search for it on the Internet, and whether any of its users noticed any problems that resulted from its installation or immediately after its installation.

How do you act if your computer is infected with ransomware?

As we explained previously, there are many ways through which a computer can be infected with ransomware, and some of them may be outside the scope of normal use, or in other words they are not caused by wrong behavior or unsafe practice by the user. Are there solutions in case this happens?

After a lengthy search among the sites and reading the advice of specialists, it can be said that there are three solutions that most specialized sites and domain experts recommend to follow in case your computer is infected with the ransomware virus.

And most of the solutions, if not all, do not guarantee ending the problem completely, but rather provide a solution to a specific part of the impact of the ransom virus according to its impact, nature and extent of harm to the user.

For example, there is a user who does not care about his files, because he can download them again and is interested in restoring control of the system and protecting his private data. Some do not care about the system and would like to decrypt the files in any way, and so on, each solution fits a specific point of view and case.

Now here are the solutions available in case your device is infected with ransomware:

1. Use decoding software

Did we mention the difficulty or near-impossibility of decrypting files earlier in this article? So how do we now say that there are decryptors?

Well we did not lie or hide facts; It’s just that the ransom virus dates back to 1989, and since that time there have been different forms and types of it that use different methods and methods of encryption.

and being different from the rest of the computer viruses; It makes removing and detecting it does not mean eliminating its impact, the role of anti-virus programs is to discover and remove it only, which is not done immediately unless this version or type of virus is known, but anti-virus programs do not decrypt.

So there is a reliance on other programs working to decrypt or attempt to decrypt the ransom virus, but does it work? Sometimes. Do you fail? Yes a lot.

So what is the decisive factor in its success or failure?

Simply every hacker has a specific method and specific method of encryption, so when the method is recognized, it is understood, and therefore a program is designed to decrypt it, the same idea of ​​diseases and vaccines, so it may succeed in the event that the hacker has a known method or used an encryption method that was used before.

Finally, after examining and reading a huge number of articles and websites that claim the presence of magic decryption programs, and even put links to programs that contain ransomware and other malicious programs, we concluded that the most secure decryption programs are those recommended by major antivirus companies, such as This list is made by Avast at this link other by AVG is at this link .

If you look at the links, you will find that there is a tool for each encryption method. For example, files whose extension turns to the word Alcatraz after encrypting it is recommended to use a special decryption tool called Alcatraz Locker, and so on.

2. Restore the user’s control over his computer

This solution assumes that you only want to clean your computer from the virus, and you do not care about encrypted files or have access to a backup copy of them, and therefore the first step in this solution is to perform a comprehensive scan of the disk on which you installed the operating system.

There are those who explain in precise steps how to regain control of the system after penetration, but in my opinion this is not the safest procedure, and the virus itself may prevent you from taking the necessary steps for this matter.

Therefore, the best solution is to erase the disk on which the operating system is located, assuming that you have installed the operating system in a drive or a space separate from the rest of the contents of the hard disk, which is something most computer users and technicians do.

After erasing and reinstalling the new system, install an anti-malware program, such as Malwarebytes and start checking the rest of your hard drive to make sure it is free of any malware or viruses.

As I explained, this solution aims to restore your control as a user over your computer, which is very important and for some users is more important than decrypting files.

This is because the hacker’s control of your device may lead to big problems, including using your personal data and your device’s data for criminal purposes, or selling this data on the dark internet , and it may sometimes involve you in cybercrime committed by the hacker.

Note that when you follow the second solution, you may lose any opportunity to communicate with the hacker and decrypt the files, which leads us to the third and final solution.

3. Receipt or negotiation?

Unfortunately, this solution depends on paying the amount required to send the decryption key, especially if the encrypted files are important to you or are valued at a large amount of money, such as files containing financial data or engineering projects that cost a lot of time and effort to implement again.

Well we know that this solution may piss you off a lot, because you are looking for a magical solution to decrypt files without paying a single penny. This is understandable and you are entitled to research it, but this solution may not exist in the event that the hacker used a new or unknown encryption method.

In this case, the appropriate decryption tools (such as the ones we talked about in the first solution) will not be available until after a long time, no one knows how long a revolutionary program may be released in the future (or even tomorrow?) that decrypts any encryption in seconds, but so far There is no such program.

Note that the ransom virus falls victim to famous government institutions and universities, and sometimes international institutions and companies, and in many times the only solution is to negotiate or pay the required amount or even part of it.

Important note: The third solution is not guaranteed, there are many cases of companies and individuals who paid the required amounts and did not receive the decryption key, and there are those who paid and received, of course, but we should be alerted.


Being exposed to ransomware and trying to decrypt and losing a huge amount of data is frustrating, especially if the encrypted files are personal files or files that are difficult to get back.

Experts may not yet come up with a radical solution to completely repel this virus, but this is not a reason to be afraid of the Internet or not to enjoy its benefits.

I started using computers more than twenty years ago, and since then I have encountered a large number of viruses and malicious programs that science did not find any solutions at the time of their issuance.

But it has now become obsolete, and it can be detected with the weakest antivirus software, this means that there is hope for radical solutions and decryption programs, and until that time we advise you to follow the tips that we mentioned in this article to protect your personal computer and files, the most important of which is to create a backup copy of your files and upload them to one of the Cloud storage services.

Has your computer been attacked by a fierce virus before? How did you behave? And what antivirus program did you rely on that helped you get rid of this virus easily? Share your experience with us in the comments.


what is ransomware
what is ransomware attack
what is ransomware definition
what is ransomware quizlet
what is ransomware in computer
what is ransomware as a service
what is ransomware based on
what is ransomware protection
what is ransomware and how does it work
what is ransomware insurance
what is ransomware rollback
what is ransomware article
what is ransomware all about


Comments are closed.