Ransomware is malware (malicious software) that denies access to all or part of the information on a computer, and demands payment of a fee, or ransom, to regain access.
Typically, ransomware encrypts a significant portion of the computer’s hard drive so it’s no longer accessible to the user. The encryption is often a strong public key encryption that is practically impossible to defeat. Once the ransom is paid, the person or people behind the malware may offer a method to decrypt the data and restore access… or not, simply taking the money.
It’s important to realize that ransomware is simply another form of malware, and is often delivered in the form of a virus or trojan. As such, it’s best avoided by all of the same techniques that one uses to avoid any malware: up-to-date and properly configured security software and settings, keeping your system up-to-date, and using safe online behavior.
Ransomware is a type of malware from cryptovirology that threatens to publish the victim's personal data or perpetually block access to it unless a ransom is paid. While some simple ransomware may lock the system so that it is not difficult for a knowledgeable person to reverse, more advanced malware uses a technique called cryptoviral extortion. It encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. In a properly implemented cryptoviral extortion attack, recovering the files without the decryption key is an intractable problem – and difficult to trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult.
Ransomware attacks are typically carried out using a Trojan disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the WannaCry worm, traveled automatically between computers without user interaction.
Starting from around 2012, the use of ransomware scams has grown internationally. There were 181.5 million ransomware attacks in the first six months of 2018. This record marks a 229% increase over this same time frame in 2017. In June 2014, vendor McAfee released data showing that it had collected more than double the number of ransomware samples that quarter than it had in the same quarter of the previous year. CryptoLocker was particularly successful, procuring an estimated US$3 million before it was taken down by authorities, and CryptoWall was estimated by the US Federal Bureau of Investigation (FBI) to have accrued over US$18 million by June 2015. In 2020, the IC3 received 2,474 complaints identified as ransomware with adjusted losses of over $29.1 million. The losses could be more than that according to FBI.