What Is Ransomware?
Ransomware is a cyber-extortion tactic that uses malicious software to hold a user’s computer system hostage until a ransom is paid. Ransomware attackers often demand ransom in cryptocurrency such as Bitcoin due to its perceived anonymity and ease of online payment. The malicious software used in a ransomware attack locks a user’s computer for a limited time after which the ransom increases in price or the user’s data is destroyed.
- Ransomware is a form of malware that encrypts a user's computer files for a period of time, rendering them inaccessible, until a ransom is paid to the attacker.
- The ransom is often demanded in a cryptocurrency such as Bitcoin, which facilitates the online and anonymous payment.
- If the ransom is not paid in a timely manner, the amount demanded may increase until ultimately the user's data is destroyed entirely.
- Ransomware attacks have been identified around the world, costing billions of dollars in bounty paid each year.
Ransomware is a rapidly advancing criminal activity that affects businesses, financial institutions, government agencies, medical institutions and other organizations; it is the product of the advancement of digital technology. Although the advancement of digital technology has made a way for companies to enhance their relationships with consumers by offering more personalized services at personalized costs, technology isn't only used by legitimate users to improve their processes. Miscreants are also using emergent technology tools to improve their online attacks, either for fun or profit. Data breaches are done to steal personally identifiable information of individuals that will be sold through underground web channels for legal tender or cryptocurrencies.
Cyberattacks like Denial of Service (DoS) may be carried out for fun or to make a statement. Some attackers deny a business access to its computer by demanding a certain amount of Bitcoin as payment in order to gain re-entry into the system. This latter unscrupulous means of getting a paycheck is done through Ransomware, which in a way is a form of a DoS attack.
Ransomware is suspected to have cost the global economy $7.5 billion in 2019.
How Ransomware Works
Ransomware is a type of malicious software, or malware, that encrypts a computer’s system data with a key that only the attacker has. The malware is normally injected in an email attachment, software, or unsecured website. A user who tries to access any of these infected programs will trigger the ransomware which either locks the computer screen or encrypts the files in the system. A full-screen window pops up with information that states the user’s computer has been blocked, the amount in money or Bitcoins required to unlock the system, and a countdown timer which indicates the amount of time left before the data held hostage is destroyed or before the ransom is increased. Ransomware attackers usually demand payment to be wired through Western Union or paid through a specialized text message. Some attackers demand payment in the form of gift cards like an Amazon or iTunes Gift Card. Ransomware demands can be as low as a few hundred dollars to as much as $50,000. After payment is made, the hackers decrypt the files and release the system.
Ransomware attackers can infect many computers at once through the use of botnets. A botnet is a network of devices compromised by cybercriminals without the knowledge of the owners of the devices. The hackers infect the computers with malware that gives them control of the systems, and use these breached devices to send millions of compromised email attachments to other devices and systems. By kidnapping multiple systems and expecting the ransom to be paid, the perpetrators are banking on having a huge payday.
Example of Ransomware
A company that has been held hostage by ransomware can have its proprietary information destroyed, operations disrupted, reputation harmed, and finances lost. In 2016, Hollywood Presbyterian Medical Center paid about $17,000 in Bitcoins to ransomware attackers who had taken the data of the hospital’s patients hostage. During the crisis, some patients had to be transferred to other hospitals for treatment and the medical records system was inaccessible for ten days, disrupting the daily operations of the hospital.