28 May

Ransomware: The smart person’s guide

This guide covers the history of ransomware, the systems being targeted in ransomware attacks, and what you can do to avoid paying a ransom in the event of an attack.

In the past, security threats often involved scraping information from systems that could then be used for other crimes such as identity theft. Now, criminal organizations have moved to demanding money directly from victims by holding their devices, and the data on them, hostage. This trend of ransomware, in which data is encrypted and victims are prompted to pay for the key, has been growing rapidly since late 2013. TechRepublic's smart person's guide about ransomware is a quick introduction to this security threat, as well as a "living" guide that will be updated periodically as new exploits and defenses are developed.

Executive summary

What is it?

Ransomware is malware that locks a device or encrypts the data stored on it. The attackers demand payment, often via Bitcoin or prepaid credit card, before the victim can regain access to the infected device and its data.

Why does it matter?

Because of the ease of deploying ransomware, criminal organizations are increasingly relying on such attacks to generate profits.

Who does this affect?

While home users have traditionally been the targets, healthcare and the public sector have been targeted with increasing frequency. Enterprises are more likely to have deep pockets from which to extract a ransom.

When is this happening? Ransomware has been an active and ongoing threat since September 2013.

How do I protect myself from a ransomware attack? Free decryption tools developed in collaboration with law enforcement and security firms exist for some ransomware families, but not for all of them, so they cannot be relied on as the primary defense. The dependable protection is keeping current, offline, tested backups, patching systems promptly, and blocking the phishing attachments and malicious downloads that deliver most payloads.

What is ransomware?

Ransomware is a subclass of malware that is characterized by holding device control, and therefore locally stored data, for a ransom, which is typically paid in a virtual currency such as Bitcoin, though premium-rate SMS messages and prepaid credit cards are also used. Sophisticated ransomware employs disk- or file-level encryption, which makes recovering the files without the key infeasible in practice; without a backup, the victim's only route to the data is the ransom demanded by the attackers.
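File-level encryption leaves a measurable trace: encrypted output is close to uniformly distributed bytes, while ordinary documents are not. The Python script below is an added illustration for this guide, not code from the original article or from any product; it estimates Shannon entropy per file, flags files that look encrypted, and skips extensions (ZIP, JPEG, Office containers) that are high-entropy by design to avoid false positives. The sample "files" are constructed inline, and the "ciphertext" is a SHA-256 counter stream standing in for real cipher output; no encryption routine is included.

```python
import hashlib
import math
from collections import Counter

# Formats that are compressed or encrypted by design, so high entropy is normal
# for them; skipped to avoid false positives. Real deployments extend this list
# (Office .docx/.xlsx are ZIP containers, for instance).
HIGH_ENTROPY_EXTENSIONS = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4", ".docx", ".xlsx"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = 7.5, min_size: int = 256) -> bool:
    """True when the bytes are close to uniformly distributed.

    Files shorter than min_size are never flagged: the entropy estimate is too
    noisy on a few bytes to separate ciphertext from ordinary data.
    """
    if len(data) < min_size:
        return False
    return shannon_entropy(data) >= threshold


def extension_of(name: str) -> str:
    """Lowercased final extension, including the dot ('' if there is none)."""
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""


def flag_encrypted_files(files: dict, threshold: float = 7.5) -> list:
    """Names of files whose contents look encrypted, in the order given."""
    flagged = []
    for name, data in files.items():
        if extension_of(name) in HIGH_ENTROPY_EXTENSIONS:
            continue
        if looks_encrypted(data, threshold):
            flagged.append(name)
    return flagged


def pseudo_ciphertext(length: int, seed: bytes) -> bytes:
    """Deterministic high-entropy bytes (SHA-256 counter stream) standing in for
    the output of a real file-encrypting cipher; this is not an encryption routine."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


# Constructed sample "files"; none of this comes from a real incident.
PLAINTEXT = b"Quarterly report: revenue grew 4% while costs were flat. " * 80
SAMPLE_FILES = {
    "report.txt": PLAINTEXT,                                        # ordinary document, low entropy
    "report.txt.locked": pseudo_ciphertext(len(PLAINTEXT), b"toy"),  # same file after "encryption"
    "holiday.jpg": pseudo_ciphertext(4096, b"img"),                 # high entropy, but expected for JPEG
    "note.txt": b"short note",                                      # below min_size, never flagged
}

if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(f"{name:20s} entropy={shannon_entropy(data):.2f} bits/byte")
    print("flagged:", flag_encrypted_files(SAMPLE_FILES))   # ['report.txt.locked']
```

Entropy alone is a heuristic: a single high-entropy file proves little, but a burst of ordinary documents crossing the threshold within seconds, often with a new extension appended, is the pattern a file-server monitor or EDR rule should alarm on.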

Historically, ransomware has invoked law enforcement to coerce victims into paying, displaying warnings such as the FBI logo and a message claiming that illegal file sharing has been detected. More recently, ransomware authors state plainly that the device has simply been hacked and its files encrypted.

Ransomware payloads are typically distributed on file-sharing networks, but have also been spread through a malvertising campaign on the Zedo ad network and through phishing emails that disguise the payload as an image or attach it directly as an executable.
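The phishing variant just described, an executable dressed up as an image, can be caught before it reaches a mailbox. The Python below is an added example for this guide, not code from the original article or from any real mail gateway: it builds a constructed MIME message with four attachments, then checks each one for an executable extension, a double extension such as `.jpg.exe`, a Windows PE header hidden under an image or document name, and a mismatch between the declared extension and the file's leading magic bytes. The sender, recipient and attachment contents are made up.

```python
import email
from email import policy
from email.message import EmailMessage

EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".hta", ".ps1", ".jar"}

# Leading bytes ("magic") a file should start with if its extension is honest.
MAGIC_BY_EXTENSION = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}
PE_MAGIC = b"MZ"   # DOS/PE header every Windows executable starts with


def classify_attachment(filename: str, data: bytes) -> list:
    """Reasons this attachment looks like a disguised payload; empty list means clean."""
    reasons = []
    parts = filename.lower().split(".")
    exts = ["." + p for p in parts[1:]]        # all extensions, e.g. ['.jpg', '.exe']
    last = exts[-1] if exts else ""

    if last in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension {last}")
        if len(exts) >= 2:
            reasons.append(f"double extension {''.join(exts[-2:])} hides an executable")
    if data.startswith(PE_MAGIC) and last not in EXECUTABLE_EXTENSIONS:
        reasons.append(f"Windows PE header (MZ) under a {last or 'missing'} extension")
    expected = MAGIC_BY_EXTENSION.get(last)
    if expected and not any(data.startswith(m) for m in expected):
        reasons.append(f"content does not match the {last} file signature")
    return reasons


def scan_message(raw: bytes) -> dict:
    """Map each attachment filename to its list of findings."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        findings[name] = classify_attachment(name, payload)
    return findings


def build_sample_message() -> bytes:
    """Constructed phishing-style message; addresses and contents are made up."""
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Your invoice"
    msg.set_content("Please find the invoice and a photo attached.")
    pe_stub = b"MZ\x90\x00" + b"\x00" * 60            # looks like the start of a PE file
    jpeg_stub = b"\xff\xd8\xff\xe0" + b"\x00" * 60     # genuine JPEG signature
    msg.add_attachment(pe_stub, maintype="image", subtype="jpeg", filename="invoice.jpg.exe")
    msg.add_attachment(pe_stub, maintype="image", subtype="png", filename="scan.png")
    msg.add_attachment(jpeg_stub, maintype="image", subtype="jpeg", filename="holiday.jpg")
    msg.add_attachment(b"%PDF-1.4\n%%EOF\n", maintype="application", subtype="pdf", filename="terms.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in scan_message(build_sample_message()).items():
        print(f"{name:18s} {'CLEAN' if not reasons else '; '.join(reasons)}")
```

The magic-byte check is what catches `scan.png`: its name and declared MIME type say image, but the bytes say Windows executable. Extension lists alone miss that case, which is why a gateway should inspect content rather than trust the name the attacker chose.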

Why does ransomware matter?

For criminal organizations, ransomware provides a very straight line from development to profit, whereas the comparatively manual labor of identity theft requires more resources. The rapid growth of ransomware can therefore be attributed to its ease of deployment and its high rate of return relative to the effort required.

More Details in Part 2
