Definition

ransomware (cryptovirus, cryptotrojan or cryptoworm)


Ransomware is a type of malware used for data kidnapping, an exploit in which the attacker encrypts the victim's data and demands payment for the decryption key. A ransomware program can be installed from an e-mail attachment, an infected program, or a compromised or malicious Web site. Malware used for this purpose is sometimes called a cryptovirus, cryptotrojan or cryptoworm.

Ransomware is not new. A paper entitled "Cryptovirology: Extortion-Based Security Threats and Countermeasures," written by security experts at Columbia University and IBM, clearly outlined the concept back in 1996. In the past, though, data kidnappers targeted businesses rather than individuals. In March 2006, ransomware known as Crypzip or Zippo circulated to private users on the Internet. Recipients of the Trojan horse program also received an e-mail ransom note demanding $300, to be paid by electronic transfer, for the key required to unlock all their files.

A newer type of ransomware uses a Trojan to encrypt files on a victim's computer but doesn't send a ransom note. Instead, it counts on the victim searching the Internet for information about malware that encrypts files. The data kidnapper makes money by selling, on legitimate web sites, software that the victim can purchase to decrypt the files.

Most antivirus vendors have signatures that can block the known types of ransomware. To protect against future manifestations of data kidnapping -- and many other online crimes -- experts urge that users back up data regularly, practice cautious browsing and refrain from opening unexpected e-mail attachments.

See also: cyberextortion, DoS extortion

 


This was last updated in March 2011
Posted by: Margaret Rouse
