Part of the Application security glossary:

Ransomware is malware for data kidnapping, an exploit in which the attacker encrypts the victim's data and demands payment for the decryption key.

A ransomware program can be installed from an e-mail attachment, an infected program, or a compromised Web site. Malware used for this purpose is sometimes called a cryptovirus, cryptotrojan or cryptoworm.

Ransomware is not new. A paper entitled "Cryptovirology: Extortion-Based Security Threats and Countermeasures," written by security experts at Columbia University and IBM, clearly outlined the concept back in 1996. In the past, though, data kidnappers targeted businesses rather than individuals. 

In March 2006, ransomware known as Crypzip or Zippo circulated to private users on the Internet. Recipients of the Trojan horse program also received an e-mail ransom note demanding $300, to be paid by electronic transfer, for the key required to unlock all their files. Another type of ransomware uses a Trojan to encrypt files on a victim's computer but doesn't send a ransom note. Instead, it counts on the victim searching the Internet for information about malware that encrypts files. The data kidnapper then makes money by selling, on legitimate web sites, software that can be purchased to decrypt the files.

With another type, the malware dupes the victim into believing they are the subject of a police enquiry. The infected computer's browser might appear to freeze, displaying a splash page with law enforcement logos. Typically, the page informs the victim that their computer has been involved in illegal activities. The victim is then instructed to pay an electronic fine to restore their computer.

Most antivirus vendors have signatures that can block the known types of ransomware. To protect against future manifestations of data kidnapping -- and many other online crimes -- experts urge that users back up data regularly, practice cautious browsing and refrain from opening unexpected e-mail attachments.

See also: cyberextortion, DoS extortion, spear phishing, pretexting

This was last updated in March 2011
Posted by: Margaret Rouse
