By using ransomware (a type of malware) the attacker restricts the access to personal data until such time a ransom is paid by the victim. Ransomware usually enters a computer through security gaps and propagates itself via a usual computer worm (for example – trojan), which might be a hidden email attachment. Once the system has been infected, the malware will start to encrypt files and data (for example – pictures and Word documents) on the hard drive – this way the interaction with the system is restricted and the user is denied access to his personal files. As soon as the ransomware is done with its task, it deletes itself to cover up the tracks. The user is confronted with messages or pop ups, coaxing him to pay the ransom in order to unlock his files and data. However to extort ransom, the attacker has to contact the potential victim and therefore leaves his trace for example with certain data to a specific bank account for the completion of payment. With professional analysis, those traces can be dereferenced and the attacker’s computer can be identified.