Presently existing systems of protection against malicious software allow for detecting it in the two ways:                by the characteristic data previously obtained from the malicious files content (signatures, patterns, checksums, etc.);        by the malware behaviour (heuristic and behavioural analyzers).        
These methods are classic and effective against known types of malicious software. Yet, unfortunately, these methods are often powerless against new, recent malicious SW. The first reason for this is that their characteristic data (signatures, checksums) have not been entered yet into the virus database of an antivirus. The second reason lies in that heuristic and behavioural analyzers do not detect any danger, as the malware has been intentionally developed by hackers with its behaviour changed in order not to arouse the antivirus behavioural analyzer's suspicions. Whereby this malware being still unfamiliar to antiviruses often demonstrates itself revealing its presence to the user operating the infected computer at that moment. Ransomware may provide an example of such behaviour blocking computer operation and setting up, for example through display messages, their criminal claims to be executed by the user (usually concerning payments to be made in one way or another). Thus, it is obvious to a user that his/her computer is malware infected (as a malicious program requires certain actions to be performed by him/her), the computer is blocked, not allowing the user to work properly or even start procedures against the malicious program. Furthermore, the antivirus system does not detect and neutralize the infection, as it does not define any new threat, neither by the typical signs nor by the behaviour.