Ransomware is a type of malicious software (malware) that encrypts the victim's files. The attacker then demands a ransom from the victim to restore access to the data upon payment. Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin.

Ransomware can spread through phishing emails, malicious software downloads, exploit kits, and other means. Phishing emails, often disguised as trusted emails, are widely used. They may contain malicious attachments, which when opened, can lead to the ransomware being installed on the victim's device. Exploit kits, on the other hand, are malicious toolkits that are designed to exploit vulnerabilities in a system's software to distribute malware.

Once the ransomware has been activated in the system, it can start encrypting files and folders on local drives, attached drives, backup drives, and potentially even other computers on the same network. User files such as photos, videos, documents, and other important files become inaccessible, and only after a ransom is paid, the victim may (but not always) receive a decryption key to unlock (decrypt) the files.

One of the best ways to prevent ransomware attacks is through regular, thorough backups of critical data and adopting good security practices like keeping software up to date, using robust antivirus software, and being cautious of unexpected or suspicious emails and websites.

Phishing is a type of cyber attack that targets individuals by email, telephone, or text message pretending to be a legitimate institution to lure them into providing sensitive data. This could include personally identifiable information, banking and credit card details, and passwords.

The term "phishing" is a play on the word "fishing," where the cyber criminals are the anglers and the individual is the fish. In a phishing attack, the bait is often a cleverly disguised email or message that appears to come from a trusted source, like a bank, a popular e-commerce site, or a known contact.

There are several types of phishing attacks, including:

1. Email phishing: The most common form of phishing, where an attacker sends fraudulent emails disguised as a reputable company to trick the recipient into sharing personal information or downloading malware.>
2. Spear phishing: This is a more targeted version of phishing where the attacker has done their research, often using social engineering, to create a highly personalized message that comes from a trusted sender.
3. Whaling: This is a type of phishing attack that specifically targets senior executives and high-profile targets within businesses.
4. Smishing and vishing: Smishing is phishing that's conducted over short message service (SMS), and vishing is voice phishing.
5. Pharming: Unlike other phishing attacks, which rely on tricking users into clicking on a link, pharming redirects users to a malicious website even if the correct URL is typed into the web browser.

To protect oneself from phishing, it's advisable to be cautious about all communications, particularly those that ask for personal information, and keep all systems updated with the latest security patches. Regular security awareness training can also be beneficial.