Ransomware spreads through e-mail attachments, infected programs and compromised websites. A ransomware malware program may also be called a cryptovirus, cryptotrojan or cryptoworm.
Attackers may use one of several different approaches to extort money from their victims:
- After a victim discovers he cannot open a file, he receives an email ransom note demanding a relatively small amount of money in exchange for a private key. The attacker warns that if the ransom is not paid by a certain date, the private key will be destroyed and the data will be lost forever.
- The victim is duped into believing he is the subject of an police inquiry. After being informed that unlicensed software or illegal web content has been found on his computer, the victim is given instructions for how to pay an electronic fine.
- The malware surreptitiously encrypts the victim's data but does nothing else. In this approach, the data kidnapper anticipates that the victim will look on the Internet for how to fix the problem and makes money by selling anti-ransomware software on legitimate websites.
To protect against data kidnapping, experts urge that users backup data on a regular basis. If an attack occurs, do not pay a ransom. Instead, wipe the disk drive clean and restore data from the backup.
See also: cyberextortion, DoS extortion, cryptoperiod