Ransomware Techniques for Hijacking the System

This chapter focuses on the different kinds of ransomware seen at different times. We talked about malware and the techniques it uses in Chapter 1, Malware from Fun to Profit. Ransomware is also a kind of malware, and it inherits a lot of techniques from other malware. The persistence mechanism described in section 3.3, Malware persistence, in Chapter 1, Malware from Fun to Profit, is also employed by malware. Some techniques might not be inherited. As an example, other malware tries to hide itself, while ransomware is noisy. But it becomes noisy only after its work is done; before that, it prefers to stay undetected.

In this chapter, we will talk about some techniques that are more specific to ransomware. Most techniques are explained in the context of Windows, so some Windows APIs are referenced. For a better understanding of these APIs, readers can refer to MSDN. Some sections give hints on how to analyze a particular type of ransomware. Network administrators who are interested in understanding malware can use these hints to explore the topic further.

The following types of ransomware are covered:

  • Scareware and rogue security software
  • ScreenLocker
  • Browser ransomware
  • Crypto ransomware
  • Ransomware targeting infrastructure
  • Boot ransomware

For each type of ransomware, the following points are covered:

  • Techniques used with the ransomware family
  • Some popular ransomware in the family
  • Guidelines on analyzing such ransomware for malware analysts
  • Notes on prevention and removal, although this is covered in the last chapter

So, let's get started!
