Ransomware is a type of malware used for data kidnapping, an exploit in which the attacker encrypts the victim's data and demands payment for the decryption key. A ransomware program can be installed from an e-mail attachment, an infected program, or a compromised or malicious Web site. Malware used for this purpose is sometimes called a cryptovirus, cryptotrojan or cryptoworm.
Ransomware is not new. A paper entitled "Cryptovirology: Extortion-Based Security Threats and Countermeasures," written by security experts at Columbia University and IBM, clearly outlined the concept back in 1996. In the past, though, data kidnappers targeted businesses rather than individuals. In March 2006, ransomware known as Crypzip or Zippo circulated to private users on the Internet. Recipients of the Trojan horse program also received an e-mail ransom note demanding $300, to be paid by electronic transfer, for the key required to unlock all their files.
A newer type of ransomware uses a Trojan to encrypt files on a victim's computer but doesn't send a ransom note. Instead, it counts on the victim looking on the Internet for information about malware that encrypts files. The data kidnapper makes their money by selling software on legitimate web sites that can be purchased to decrypt the files.
Most antivirus vendors have signatures that can block the known types of ransomware. To protect against future manifestations of data kidnapping -- and many other online crimes -- experts urge that users back up data regularly, practice cautious browsing and refrain from opening unexpected e-mail attachments.
Learn more:Ransomware: How to deal with advanced encryption algorithms
So, what should you do when you get that dreaded phone call from your CEO? Here are a few helpful tips
Has ransomware made a comeback?
Security expert Ed Skoudis explains why he thinks ransomware is not an effective attack vector.