Ransomware is one of the most damaging kinds of malware because of what it takes hostage: not a password or an account, but your own files.
What ransomware does
Ransomware encrypts the files on a system — documents, photos, game saves, everything it can reach — and then demands a payment, usually in cryptocurrency, in exchange for the key to unlock them. Until then, the files are there but unreadable. It does not steal the files in the traditional sense; it locks you out of your own data and charges for the way back in.
How it arrives
Ransomware reaches a PC the way most malware does. Phishing messages with malicious attachments or links. Downloads that are not what they claim — cracked software, "free" tools, fake game utilities. Exploited vulnerabilities on systems that were not updated. Sometimes it arrives in stages: an initial infection that quietly disables defences first. There is a known pattern of attackers abusing a legitimate, signed driver to switch off security software before the ransomware itself runs — which is part of why over-trusting signed kernel code is a real concern.
Why paying is not a solution
The demand is designed to feel like the only way out. It is not a reliable one. Paying funds the operation and marks you as someone who pays, and it offers no guarantee — the decryption key may not come, or may not fully work. Security guidance consistently treats payment as a last resort at best, not a fix.
The real defence: backups
The genuine answer to ransomware is preparation, and it is backups. If your important files exist in a separate backup that ransomware on your PC cannot reach — an external drive kept disconnected, or a service with versioning — then encryption of the live copy is a serious inconvenience rather than a catastrophe. You restore from the backup instead of paying. A backup the malware can also encrypt is not a backup; the separation is the point.
The takeaway
Ransomware encrypts your own files and demands payment to release them. It arrives through the familiar routes — phishing, bad downloads, unpatched flaws. Paying is unreliable and best avoided. The real defence is decided before anything happens: separate, offline or versioned backups turn ransomware from a disaster into a restore.