What is “ransomware” and whom does it impact?


“Ransomware” is a form of malware that blocks access to a computer system, locking all or some of the content on the computer system until a specified amount of money has been paid to the operator(s) of the malware. Once the money (most often in the form of bitcoins) has been paid via a series of online transactions and money shuffling per instructions given by the malware operator(s), the user’s files and access to the computer system are unlocked.


How does one become infected with ransomware? Typically, spear-phishing emails are sent to the target, which could be a particular individual of interest or employees at a company or police department, for instance. These emails appear legitimate, perhaps reminding users to update their software to the latest version by clicking on the link below, or to “check out this link” for more information on the latest and greatest products. All it takes is one person clicking on the link in the email to infect their computer and the network the workstation is attached to.


You will know your computer (or certain files on the computer system) has been rendered inoperable by the malware because, most often, the malware produces a pop-up message (that may appear to be from law enforcement or otherwise) with instructions for the user on the amount of money to be paid and how to complete the transaction, along with a countdown timer. If the ransom isn’t paid in time, the blocked content is often destroyed. Unfortunately, too often even if the ransom is paid, the operator of the malware never sends the code needed to unlock the victim’s computer system.


There are many different forms of ransomware, just as there are many different computer viruses and other forms of malware. Some of the most common forms of ransomware are CryptoLocker, CryptoLocker 2.0 (a serious form of ransomware that is difficult to trace to the source because it is routed through the Tor network), Cryptorbit, TorLocker, and BitCrypt 2, though new versions of ransomware appear routinely.


Ransomware can impact anyone. However, the operators of such malware often target specific individuals (e.g., specific military personnel, Hollywood actors) or large companies, and more recently police departments have become common targets.


For more information, check out the European Cybercrime Center’s (EC3) most recent (2014) Police Ransomware Threat Assessment.