Ransomware is malicious software that encrypts data or blocks access to it, demanding that the user pay for unlocking or decrypting the data. Different varieties of this malware target desktop systems and mobile devices.
The first known ransomware attack occurred in 1989. The creator of the ransomware program, an evolutionary biologist named Joseph Popp, sent out floppy disks with a sticker on them that read, “AIDS Information. Introductory Diskette”, to attendees of a World Health Organization AIDS conference. The ransomware encrypted file names and extensions, demanding that the victims pay for a license. The attack was dubbed “AIDS”. Although that attack was not successful, ransomware later became popular and spawned the ransomware-as-a-service model, whereby technically savvy attackers lease out their malicious code and infrastructure to anyone who wishes to use them.
Types of ransomware
- Lockers. These lock the device or imitate a locked state while displaying a ransom note on the screen. Lockers often exploit victims’ anxiety over fines for storing and viewing forbidden material. A locker may also claim that the device was locked because of a malware infection, with the attackers demanding a ransom payment for disinfection.
- Cryptomalware. These encrypt some or all of the victim’s files, demanding a ransom for decryption. In addition to encrypting files, the attackers sometimes threaten to publish the victim’s data. Programs of this nature are called leakware (leak + software) or doxware (dox + software).
Ways of spreading ransomware
Like any malware, ransomware can penetrate an end-user device in several ways. For example:
- Exploiting vulnerabilities in the operating system, web browsers, etc.
- Hijacking the victim’s account by brute-forcing the password or using stolen credentials, e.g., for remote desktop access.
- Spreading malicious links or attachments via email.
Ransomware programs attack both individuals and organizations. In either case, a successful attack results in downtime as well as costs associated with data recovery. In addition, the damage done by ransomware is not always reversible. For instance, the ransomware program may prove to be a wiper, i.e., a type of malware that ruins or damages data beyond repair.
To combat ransomware, law enforcement bodies from various countries teamed up with cybersecurity vendors to create a project named “No More Ransom”. The project’s website provides information on ransomware programs, a utility that helps users identify which ransomware family they have encountered, and decryption tools available for various cryptomalware families.