Ransomware

DEFINITION of 'Ransomware'

A cyber-extortion tactic that uses malicious software to hold a user’s computer system hostage until a ransom is paid. Ransomware attackers usually demand ransom in Bitcoin currency due to the perceived anonymity of transacting with cryptocurrency. The malicious software locks a user’s computer for a limited time after which the ransom increases in price or the user’s data is destroyed.

Also known as Crypto-Ransomware.

BREAKING DOWN 'Ransomware'

The advancement of digital technology has made a way for companies to enhance their relationships with consumers by offering more personalized services at personalized costs. Every sector is adapting to progressive technology to boost profits and mitigate the high costs that come from manual processes and operations. But technology isn’t only used by legitimate users to improve their processes, miscreants are also using emergent technology tools to improve their online attacks, either for fun or profit. Data breaches are done to steal personally identifiable information of individuals that will be sold through underground web channels for legal tender or cryptocurrencies. Cyberattacks like Denial of Service (DoS) may be carried out for fun or to make a statement. Some attackers deny a business access to its computer by demanding a certain amount of Bitcoin as payment in order to gain re-entry into the system. This latter unscrupulous means of getting a paycheck is done through Ransomware, which in a way is a form of a DoS attack.

Ransomware is a type of malicious software, or malware, that encrypts a computer’s system data with a key that only the attacker has. The malware is normally injected in an email attachment, software, or unsecured website. A user who tries to access any of these infected programs will trigger the ransomware which either locks the computer screen or encrypts the files in the system. A full-screen window pops up with information that states the user’s computer has been blocked, the amount in money or Bitcoins required to unlock the system, and a countdown timer which indicates the amount of time left before the data held hostage is destroyed or before the ransom is increased. Ransomware attackers usually demand payment to be wired through Western Union or paid through a specialized text message. Some attackers demand payment in the form of gift cards like an Amazon or iTunes Gift Card. Ransomware demands can be as low as a few hundred dollars to as much as $50,000. After payment is made, the hackers decrypt the files and release the system.

Ransomware attackers can infect many computers at once through the use of botnets. A botnet is a network of devices compromised by cybercriminals without the knowledge of the owners of the devices. The hackers infect the computers with malware that gives them control of the systems, and use these breached devices to send millions of compromised email attachments to other devices and systems. By kidnapping multiple systems and expecting the ransom to be paid, the perpetrators are banking on having a huge payday.

Ransomware is a rapidly advancing criminal activity that affects businesses, financial institutions, government agencies, medical institutions and other organizations. A company that has been held hostage by ransomware can have its proprietary information destroyed, operations disrupted, reputation harmed, and finances lost. In 2016, Hollywood Presbyterian Medical Center paid about $17,000 in Bitcoins to ransomware attackers who had taken the data of the hospital’s patients hostage. During the crisis, some patients had to be transferred to other hospitals for treatment and the medical records system was inaccessible for ten days, disrupting the daily operations of the hospital.