[Abstract]
Ransomware is a rapidly growing threat to the data files of individuals and businesses. It encrypts files on an infected computer and holds the key to decrypt the files until the victim pays a ransom. This malware is responsible for hundreds of millions of dollars of losses annually. Due to the large amounts of money to be made, new versions appear frequently, which allows them to bypass antivirus software and other intrusion detection methods. In this paper, we present a brief history of ransomware, the arguments for and against paying the ransom, and best practices to prevent an infection and to recover from one should it happen.
[Keywords] Crypto, Locker, Malware, Ransomware
Overview of Ransomware
Ransomware is malware that locks your computer or uses private key encryption to prevent you from accessing your data until you pay a ransom. That ransom is usually paid in Bitcoin. Data-based extortion has been around since about 2005, but the development of ransom encryption software and Bitcoin has greatly facilitated the scheme (Zetter, 2015).
While ransomware attacks on personal computers are the stories that generally make the news, ransomware has also been developed to attack mobile phones by changing the PIN of the device and then requiring a ransom to obtain the new PIN (Zetter, 2015). Ransomware is big business. The computer security firm Symantec conservatively estimates that ransomware extorts hundreds of millions from victims each year. Symantec also notes that paying the ransom is no guarantee that the decryption key will be provided and, in many cases, it is not (Zetter, 2015).
Ransomware can be divided into two basic types. The most common is crypto ransomware, which encrypts files and data. The second type is locker ransomware, which locks the computer or other device, preventing the victim from using it (Savage, Coogan, & Lau, 2015). Locker ransomware only locks the device; the data stored on the device is typically untouched. As a result, if the malware is removed, the data remains intact. Even if the malware cannot be easily removed, the data can often be recovered by moving the storage device, typically a hard drive, to another functioning computer. This makes locker ransomware much less effective in extorting ransom payments (Savage, Coogan, & Lau, 2015).
...