Ransomware is a type of malware that creeps into a network, scans the network to identify targets, and then uses encryption to seize all or some parts of the network. Thus, the victim's information is held at a ransom. After encrypting the files, the attacker becomes the only one with the decrypting key. In a network that experienced a ransomware attack, the system owner will not be able to have access to the files, databases, or applications. The attacker then resumes operation by demanding ransom.

Ransomware works by spreading across a network with the aim of paralyzing the network. In a ransomware attack, the attacker uses asymmetric encryption. Asymmetric encryption is a type of cryptography that uses a pair of keys to encrypt and decrypt a file. The pair of keys are a private and a public key, and the attacker uniquely generates both keys. The private key will be required to decrypt the files, and it may be nearly impossible to decrypt the files without the private key. Imagine a situation where someone creeps into your house, changes the locks on the doors, and sends you a message to pay some ransom before you get a key to unlock your home. Often, the attacker will contact the victim on how to pay a ransom to receive the private key with which to decrypt the files or seized assets.