最后的编辑: 2021年9月27日


Ransomware is 一个 of the biggest cyber threats a business or an organization can face. Since ransomware attackers can destroy your data or hold it hostage in exchange for large sums of m一个y, 知道如何保护自己免受潜在的攻击是至关重要的. This article includes everything you need to know about ransomware — how it operates, 常见的攻击类型, 如何处理它,你应该, 不幸的是, 的受害者.


Ransomware is a type of 恶意软件 that encrypts a device’s files or data and demands a ransom to get it back. 

Once a PC or Mac operating system has been infected, a ransom note appears clearly on the screen. 通常, this type of note will include a detailed message about the encryption and explain how the victim can pay the ransom within a set number of hours if the victim wants to recover their data.

通常, 网络罪犯以加密货币的形式索要赎金,例如比特币. 他们更喜欢这种方法,因为很难追踪. 因为很多人不熟悉发送加密货币, attackers usually provide their victims with a step-by-step guide detailing how and where to send the ransom. 从本质上说,他们让受害者更容易付钱.

至于赎金的数额,各不相同. Ransoms of a few hundred dollars are common if the target is an individual home user or a small business. 对大型组织的攻击通常包括高额赎金, 正如攻击者知道的那样,这类公司可以支付得起.

Victims must send the payment within a set number of hours, or else the data will be irrecoverable.

勒索软件在2010年代早期变得非常流行 而且越来越受欢迎. 根据Sophos, 勒索软件攻击的平均恢复成本从761美元飙升,到2020年将达到106美元,达到惊人的1美元.到2021年达到8500万(查看下面的统计数据了解更多细节).

This massive spike emphasizes the importance of taking the necessary precautions to prevent & recover from ransomware attacks whether you’re an independent contractor working from home, 或者是拥有数百名员工的大型企业.


为了帮助您了解勒索软件是多么广泛和具有破坏性, 云顶集团用户登录整理了以下令人大开眼界的统计数据. All of the data is recent to present you with a realistic representation of the severity of a ransomware attack.

  • 平均赎金 2020年支付的是 $170,404

  • 只有 8%的组织 在支付赎金后恢复他们的所有数据; 29%的人得到了一半的数据

  • 在全球范围内,有 3.04亿年 2020年的勒索软件攻击比2019年增加62%.

  • Ransomware检测 增加了435% 2020年与2019年相比.

  • 琉克,顶级的勒索软件,要求一个 288000美元的平均 把数据还给一个受害者.

  • 勒索软件攻击增加了148% 在COVID-19大流行期间. 

  • 卡巴斯基保护了178922个独立用户 从2020年第一季度的勒索软件攻击. 除了, 卡巴斯基的移动应用程序检测到4个,339个安装包感染了勒索软件木马.


来源: Statista


的 most common way a system or device becomes infected with ransomware is through 网络钓鱼. Phishing is a form of social engineering (or fraud) where the attacker sends malicious emails or texts with “urgent” requests to as many people as possible. To gain the trust of a victim, an attacker will typically impersonate a well-known entity or person.

通常, the victim will receive a message containing harmful links or attachments that, 如果点击, 会自动下载并安装恶意软件到受害者的设备上吗. 这种恶意软件可以有很多不同的形式,包括勒索软件.

在某些情况下,如果你不小心安装了一种恶意软件,比如 键盘记录器或密码盗取 木马, attackers may steal your login credentials to infiltrate your computer and ne两个rk and install ransomware.

的 most common way a system or device becomes infected with ransomware is through 网络钓鱼.

勒索软件攻击的另一种方式是通过 利用操作系统或程序/应用程序的漏洞. 黑客有耐心. 他们通常会静静地等待软件安全漏洞的出现. Once this happens, they inject a target system with an exploitation kit to take control. 从这里, it’s only a matter of time before the attackers encrypt valuable data and demand a ransom in return.

另一种形式的勒索软件分发是广告 ——恶意广告的缩写. 浏览网站时(包括合法网站), 用户可以通过点击显示的恶意广告来获取恶意软件. 其他时间, clicking is not even necessary — 恶意软件 can get on your device just by visiting an infected website.

Statista - 2020年最常见的勒索软件交付方式

来源: Statista



的re are 三个 broad types of ransomware: screen lockers, file encryptors, and scareware. 的 first 两个 are forms of 恶意软件 that are designed to encrypt files and data. 的 last 一个 (scareware) is mostly harmless and relies on scare tactics to convince targets to pay up. 阅读以下关于每个勒索软件类别的更多信息.


也被称为储物柜, these are malicious programs that lock your device, preventing you from accessing it. 储物柜可以感染台式电脑和移动设备. 如果您的设备被感染, 你会在屏幕上看到一条消息,说明你的设备已被锁定. 

通常, attackers pretend to be from the FBI or another government organization. 通常, the target will receive a generic message along the lines of: “Your device has been used for illegal purposes.“当然, this will be followed by a message claiming that a fine of generally a few hundred dollars or euros must be paid in order to re-access your device.

如果您希望重新访问您的设备不付费, you could try using a System Restore feature or try reinstalling the operating system. 为了安全起见,一定要备份重要文件 如果你想找回他们!


文件加密ransomware, 又名crypto-ransomware, 加密目标的文件(或只加密它认为必要的文件). 如果你不交赎金,也没有后备, then you’re pretty much out of luck — it’s almost next to impossible to decrypt files infected with this form of ransomware. 

注意: A system’s “image restore” settings generally won’t recover your files — only basic system settings. 而且,支付赎金也不能保证你能拿回你的文件. 一个有信誉的 ransomware预防软件 比如Bitdefender或Norton可以帮助阻止勒索软件的威胁.

文件加密ransomware encrypts a target’s files or only the 一个s that it deems essential.


伪安全软件 is a form of 恶意软件 where pop-up messages appear claiming that your device is infected with 恶意软件. 的se same messages prompt you to buy or download a fake antivirus program that may contain 恶意软件. 

的se types of fake antivirus programs are also referred to as Rogue Security Software. 尽管它们像合法的反病毒程序, their actual intent is to make users pay for a bogus solution or infect a user’s device with 间谍软件, 广告软件,或另一种形式 恶意软件

如果你选择忽略诈骗信息,它们还会继续纠缠你吗. 虽然很烦人,但好消息是你的文件是安全的. 的 best way to remove scareware is via a legitimate anti-ransomware program or app. A 认为杀毒软件解决方案 永远不会让恶意软件感染你的设备!


Since the early 2010s — when ransomware first took off — it has been present in many different forms. 随着时间的推移,勒索软件变得越来越复杂. As so many forms of this malicious software began attacking unsuspecting users, 勒索软件是按家庭分类的, 每一种都有自己独特的特征和名字. Check out the most prominent ransomware strains below; some of them still exist today.

  • Sodinokibi -这个广泛传播的勒索软件家族于2019年曝光. Sodinokibi targets Windows operating systems and professionally encrypts vital files.

  • 琉克 — 琉克 has been wreaking havoc on organizations, especially hospitals, since 2018. 它通过其他形式的恶意软件感染网络,例如 木马.

  • 迷宫 — Discovered in 2019, 迷宫 is the first ransomware that’s been known to leak a victim’s stolen data. 迷宫 informs its victims that all of their sensitive files will be released publicly if they don't pay up.

  • 佛法 — This widespread genre of ransomware targets high-profile companies and institutions, 透过滥发电邮传播, 开发套件, 和RDP访问.

  • -首次发现于2020年1月, 蛇 targets corporate ne两个rks and deletes existing system backups so they can’t be used to restore encrypted files.

  • Cryptolocker -推出于2013年,Cryptolocker是现代勒索软件的前身. 在鼎盛时期,它劫持了多达50万台设备.

  • SimpleLocker ——出现在2014年, this ransomware took advantage of the less secure Android operating systems of the day. 它还加密了目标智能手机的SD卡.

  • TeslaCrypt - 2015年严重破坏系统, TeslaCrypt mainly targeted gaming files and received regular updates from its creators.

  • Cerber ——2016年首次亮相, Cerber exploited a vulnerability in Microsoft-based ne两个rks and computers and pi一个ered the ransomware-as-a-service model.

  • 成束的 — Released in 2016, 成束的 targeted Windows platforms and spread through infected Word documents. 

  • SamSam -主要针对美国医院和教育机构, this 2016 ransomware family first monitored user activity before locking important files.

  • WannaCry -这是最臭名昭著的勒索软件家族之一. Hackers conceived it in 2017 using EternalBlue, an NSA-created exploit that hackers managed to steal.

  • NotPetya— This notorious ransomware is behind some of the most destructive cyberattacks in history — the 2017 cyberattacks on Ukraine and other countries.

  • Leatherlocker - 2017年,这个勒索软件存在于两个名为Booster的安卓应用程序中 & Cleaner and Wallpaper Blur HD and locked home screens rather than encrypting files. 

  • BadRabbit — Discovered in 2017, BadRabbit attacked government organizations from Russia, Ukraine, and the U.加密目标系统上的关键文件.

  • RobbinHood -使用从NASA偷来的永恒之蓝漏洞, 罗宾汉因袭击巴尔的摩而闻名, 医学博士在2019年.

  • GrandCrab — First observed in 2018, GrandCrab supposedly extorted over $2 billion from victims as of mid-2019. 它的目标是基于windows的系统.

  • Thanos -自2020年起作为RaaS出售, it is the first ransomware family to use RIPlace technology which allows it to bypass ransomware prevention mechanisms.

  • ThiefQuest ——于2020年6月发现, 它可以加密文件, 监控键盘输入, 从受害者的设备中窃取加密货币相关文件.

维基百科- WannaCry勒索软件的界面

来源: 维基百科


的 FBI and other law enforcement agencies advise against paying hackers ransom m一个y. Receiving m一个y only encourages them to continue their attacks with new and improved ransomware. 仍然, many organizations disregard this advice as getting their data back outweighs the costs associated with paying the ransom. 

If the cost of losing the locked data is greater than the ransom, many businesses will choose to pay. Hackers also incentivize victims to pay by making the payment window time-restricted and offering a discount for acting fast. As menti一个d earlier, ransoms vary anywhere from a few hundred dollars to hundreds of thousands. 

如果你必须做出是否支付赎金的道德决定, 请注意,付费并不保证你会恢复你的数据. It’s not uncommon for ransomware hackers to take your m一个y and not look back. 投资 网络安全套件 今天帮助防止勒索软件找到它的方式进入您的设备.


Mac ransomware

macOS can also get infected with ransomware, just like other operating systems. 的 first ransomware to hit Mac was KeRanger, which encrypted files after a short hibernation period. That threat has since been taken care of — Apple has released a fix for Mac’s antivirus.

2020年6月发现了一种新型勒索软件ThiefQuest. 它可以加密受害者的文件, 监控键盘输入, 并从受感染的主机窃取加密货币相关文件.

这表明 勒索软件和其他形式的恶意软件一样,也能渗透到Mac的防御系统中. 因此, 用可靠的Mac防病毒软件来保护你的苹果设备是至关重要的, 比如Bitdefender或者McAfee.



一旦你得知自己感染了勒索软件 第一步是断开你的互联网连接. 这将阻止它通过你的网络传播到其他计算机. 其次, 给你的屏幕拍张照片 清楚地显示了赎金便条,可以转交给当局. 

当你要取回数据的时候,不幸的是,大多数时候, 没有简单的方法 除非你有备份. 如果你的文件有备份,那么你很幸运. Before restoring your files using the backup, first remove the threat from your device. 你可以用两种方法来做这件事:

  • 重新安装你的操作系统和清除你的硬盘驱动器-这是最安全的方式.

  • OR, 使用勒索软件清除解决方案在安全模式下重新启动您的计算机, 并使用系统映像恢复您的PC.

Once you’ve d一个 一个 of the above options, you can safely restore the data from your backup. 如果你没有备份,你可以尝试在网上搜索一个 可验证但并不能保证它一定有效. 

当提到移动设备时, your best bet at dealing with a ransomware infection is to factory reset your ph一个. 这将处理勒索软件, 但不幸的是, 如果你事先没有备份,你的个人档案就会丢失.




无论你的企业或组织规模有多大, 你可以通过一些简单的提示来防止勒索软件. Stopping ransomware in its tracks involves staying vigilant when using the web or sending emails. Always be sure to backup your files and use a reputable anti-ransomware solution. 了解更多关于勒索软件预防在下面.

  • 更新操作系统和软件. Keeping your OS and other software up-to-date ensures you’ll receive the latest patches and fixes designed to protect you against the newer ransomware iterations.

  • 只安装你信任的程序和应用程序. If you’re not sure that a program or app is legitimate and secure, it’s best to avoid it. 另外,不要下载被破解的软件,因为它通常含有恶意软件.

  • 随时了解最新的威胁. 阅读最新的网络攻击是一种健康的习惯. 如果你是一个企业主, make sure your employees are aware of threats like ransomware and know how to stay safe.

  • 不要打开可疑的邮件附件或链接. 大多数勒索软件攻击是通过电子邮件钓鱼进行的. 避免打开附件或点击可疑邮件的链接.

  • 定期备份你的文件. 这是在勒索软件攻击的情况下恢复数据的最好方法. 遵守3-2-1规则——保持 三个 备份副本上 两个 分开的媒体形式,有 一个 备份在不同的位置.

  • 安装防病毒程序. 这一点怎么说都不过分. 您必须有一个完整的反勒索软件套件安装在您的系统. Ransomware protection programs such as Norton or Kaspersky do a great job of stopping ransomware.



Ransomware is 恶意软件 that takes files or an operating system hostage and demands a ransom for its release. 然而,勒索软件并不是一种确切的病毒. 的 term “virus” refers to a specific type of 恶意软件 that can corrupt or destroy data. 

Ransomware can enter your computer or mobile device through malicious email attachments, 网站, 和应用程序. Improve your defenses against ransomware attacks by installing an anti-ransomware program.


的re are 两个 types of ransomware that can endanger your data: screen lockers and file encryptors. 第一种类型控制设备的操作系统, 阻止用户访问他们的电脑或智能手机. 的 second type encrypts specific files on a device’s drive; should this happen, 你需要一个解密密钥才能重新访问它们. 

Both types of ransomware will paste a message onto your screen advising you about paying a ransom and recovering your files. 幸运的是, 强大的杀毒工具 like Bitdefender are equipped with the dedicated features required to stop ransomware attacks.


感染您的电脑或智能手机的勒索软件可以被删除, 但您可能无法在此过程中恢复您的加密文件. 

清除勒索软件威胁, you can either reinstall your operating system and wipe your drives (or reset your ph一个 if the infected device is a smartph一个), 或者在安全模式下启动计算机 使用可靠的反勒索软件解决方案 检测和消除威胁,并恢复系统映像(如果有).


多年来,勒索软件的种类很多. 的 resurgence of ransomware started in 2013 with CryptoLocker, which was very lucrative. 从那时起, 每年都有很多勒索软件家庭出现, 包括2015年的特斯拉rypt, 成束的2016年, 2017年WannaCry, 琉克在2018年, 以及2019年的Sodinokibi. 

得到一个强大的 杀毒软件套件 以避免危险的勒索软件威胁.


Law enforcement agencies like the FBI have advised targets not to pay ransoms 因为这只会鼓励黑客在未来攻击其他人. 然而,, many companies and home users find this to be a challenging debate as often the only way to recover sensitive files is to pay the ransom. 

尽管如此,这样做并不能保证您将获得您的文件. Also, paying the fee may not even be worth it if your files are not that important. Conversely, if the files are valuable, paying the ransom may be a viable option. To avoid difficult situations like these, get yourself a robust anti-ransomware program.

Octav费 (网络编辑)

Octav是AntivirusGuide网站的网络安全研究员和作者. 当他不在网上发表他对安全软件的真实看法时, 他喜欢学习编程, 看天文学纪录片, 参加常识竞赛.