- Ransomware kits on the deep web have enabled cybercriminals to purchase and use software tools to create ransomware with specific capabilities. They can then generate this malware for their own distribution, with ransoms paid to their bitcoin accounts. As with much of the rest of the information technology world, it is now possible for those with little or no technical background to order inexpensive ransomware as a service (RaaS) and launch attacks with minimal effort.


- One of the more common methods of delivering ransomware attacks is through a phishing email. An attachment the victim thinks they can trust is added to an email as a link. Once the victim clicks on that link, the malware in the file begins to download.


- Other more aggressive forms of ransomware will exploit security holes to infect a system, so they do not have to rely on tricking users. The malware can also be spread through chat messages, removable Universal Serial Bus (USB) drives or browser plugins.


- Once the malware is in a system, it will begin encrypting the victim's data. It will then add an extension to the files, making them inaccessible. Once this is done, the files cannot be decrypted without a key known only by the attacker. The ransomware will then display a message to the victim, explaining that files are inaccessible and can only be accessed again upon paying a ransom to the attackers -- commonly in the form of bitcoin.