Ransomware is malicious software that encrypts files and then asks for a ransom to be paid for their return. This type of malware has been present since 2004 and became more widespread with the advent of cryptocurrencies, since they made it easier to collect anonymous and untraced payments. Millions, if not billions, of Euros have been extorted from innocent users and businesses in this way.

This course includes a definition of Ransomware such as major types, propagation, operation, payment, prevention, and recovery. It includes a list of history of Ransomware from 2002 to 2017. A list of detection mechanisms such as Sandbox Analysis, CPU Usage, I/O Behaviour, AutoRun Mechanisms, Signature-Based Analysis, and Network Traffic. It also shows a number of case studies.