Ransomware is a type of malicious software, or malware, designed to block access to a computer system or the files on it until a ransom is paid. Once the ransomware is installed, it typically encrypts the user's files, preventing them from being accessed until the user pays a ransom, usually in the form of cryptocurrency, to regain access. Encrypting ransomware has 2 main forms, Locker Ransomware, and Crypto Ransomware. Crypto ransomware locks user files, such as database contents, documents, images, and videos. Locker ransomware often locks or severely limits access to the UI. Ransomware extends to further forms such as Doxware, where attackers download a copy of personal data and threaten to release it, and ransomware scareware. Where no encryption has occured.
Paying the ransom is contentious, as it rewards criminals for their behaviour, invests in these criminal gangs, and provides them with the resources to develop new attacks, and hurt people further. It's also risky, as the criminal gang may take the money and run, and not be willing or even capable of recovering the data. Various legality by country. Some organisation's find it's cheaper to pay the ransom than to recover it. Or there may be time-pressure to unlock safety-critical machines, such as in a hospital. Ransomware can have lethal consequences.
Ransomware motivations include:
- Money - Lucrative payouts when a victim pays for their information to be unlocked.
- Disruption - Attacking a country and discouraging global corporations from doing business there.
- Data Destruction and Cover - Destructive ransomware such as NotPetya may have been a way for attackers to hide evidence.
- NotPetya - Notpetya's 2017 attack targeted Ukrainian infrastructure, including hospitals, energy grid, airports, banks, financial infrastructure, and most Ukrainian federal agencies The attack also spread to major global corporations.
- In 2020 the first known case of a death directly linked to a ransomware attack occured after an attack on DÃ¼sseldorf University Hospital, causing the patient to be driven 19 miles (30 kilometers) to another hospital.