A ransomware program can be installed from an e-mail attachment, an infected program, or a compromised Web site. Malware used for this purpose is sometimes called a cryptovirus, cryptotrojan or cryptoworm.
Ransomware is not new. A paper entitled "Cryptovirology: Extortion-Based Security Threats and Countermeasures," written by security experts at Columbia University and IBM, clearly outlined the concept back in 1996. In the past, though, data kidnappers targeted businesses rather than individuals.
In March 2006, ransomware known as Crypzip or Zippo circulated to private users on the Internet. Recipients of the Trojan horse program also received an e-mail ransom note demanding $300, to be paid by electronic transfer, for the key required to unlock all their files. Another type of ransomware uses a Trojan to encrypt files on a victim's computer but doesn't send a ransom note. Instead, it counts on the victim looking on the Internet for information about malware that encrypts files. The data kidnapper makes money by selling, on legitimate web sites, software that victims can purchase to decrypt the files.
With another type, the malware dupes the victim into believing they are the subject of a police enquiry. The infected computer's browser might appear to freeze, displaying a splash page with law enforcement logos. Typically, the page informs the victim that their computer has been involved in illegal activities. The victim is then instructed to pay an electronic fine to restore their computer.
Most antivirus vendors have signatures that can block the known types of ransomware. To protect against future manifestations of data kidnapping -- and many other online crimes -- experts urge that users back up data regularly, practice cautious browsing and refrain from opening unexpected e-mail attachments.