Ransomware is malware that encrypts or locks computer files, and then demands payment of a “ransom” to decrypt or unlock them. There is no guarantee that paying the ransom will regain access and victims of ransomware can be subject to multiple attacks if they are not protected. Ransomware is traditionally very difficult to detect, stop, and remediate.
One conventional way to detect ransomware is to determine whether a process is encrypting files. However, modern forms of ransomware may encrypt files in ways that make it more difficult to detect encryption using traditional methods.