Ransomware

Taken from GlobalSign

  1. Definition: We have all watched movies in which criminals kidnap people and demand a ransom (usually a large sum of money) to release them. The same now happens with devices and data: software that breaks into a device, encrypts its files, and displays a ransom demand in exchange for decrypting the data (that is, releasing it back to the user) is called ransomware.

    The fear is that, as in real life, there is no guarantee that the attacker will actually release the data. The attacker might also sell the data or post it online, regardless of whether the ransom was received. For these reasons, the U.S. government, and specifically the FBI, advises NOT to pay any ransom.

    Reason for the name: Abbreviation of ransom malware.
    Propagation: Ransomware first gains access to a device (possibly with the help of other malware), encrypts the files on the device, and then presents a ransom demand to the user.
    Examples of well-known ransomware: WannaCry and Locky.