Ransomware is a type of malware that attackers use to encrypt individual files or lock down entire computer systems, preventing users from accessing them. The term is a portmanteau of the words “ransom” and “ware” (a term for computer programs/software).
The first documented ransomware attack was the AIDS Trojan Disk in 1989. At the time, Joseph L. Popp, an evolutionary biologist and Harvard graduate, sent 20,000 infected disks to numerous research institutions. After ninety restarts, the program encrypted the data on the hard drive. Victims were instructed to send $189 by mail to a company in Panama to release the data.
Today, ransomware finds its way onto users’ systems via infected e-mail attachments, security vulnerabilities in operating systems and software, or through data services such as Dropbox or Google Drive.
The software then begins to block access to the computer and/or encrypt files that are very important to the user. On Windows systems, these are usually files in the “My Documents” folder, but also documents from Office applications, e-mails, photos, databases and archives.
However, there is also ransomware that acts like remote maintenance software. In this case, the attackers sit directly at the other end of the connection and, unbeknownst to the user, search the computer for important files, not only to encrypt them (single extortion) but also to copy them and use them for double extortion. In double extortion, the attackers threaten to publish the data if the ransom demand is not paid.
Not only has the way ransomware infects a computer changed since the first documented attack; the way the ransom is paid has changed as well. In the past, victims had to send the perpetrators checks, but today payment is made by transfer in a cryptocurrency, which is difficult to trace.
The code to unlock the computer or the key to decrypt the data is sent to the victim after the ransom has been paid. At least, that’s the hacker’s promise. However, many cases have shown that paying the ransom is no guarantee that you will actually receive the code or key. Experts therefore advise against meeting the demands.
If you still want to pay, it is important that the transfer does not come from the computer that was the target of the attack. Hackers often install other malware secretly to monitor the computer.