Definition: Ransomware

Ransomware is an extortion tactic that uses malware to hold a user’s computer system hostage until a ransom is paid. Attackers typically demand payment in cryptocurrency such as Bitcoin, due to its perceived anonymity and ease of online payment. The malware used in a ransomware attack locks the user’s computer for a limited time, after which the amount demanded increases or the user’s data is destroyed.

Understanding the principle of Ransomware

Ransomware is a rapidly growing criminal activity affecting businesses, financial institutions, government agencies, medical institutions and other organizations; it is a product of the advancement of digital technology. Although advances in digital technology have allowed businesses to improve their relationships with consumers by offering them more personalized services at personalized costs, technology is not only used by legitimate users to improve their processes. Miscreants also use emerging technology tools to enhance their online attacks, whether for pleasure or for profit. Data breaches aim to steal individuals’ personally identifiable information, which is then sold through underground web channels in exchange for legal tender or cryptocurrencies.

Cyberattacks such as denial of service (DoS) can be carried out for fun or to make a statement. Some attackers deny a company access to its computer and demand a certain amount of Bitcoin as payment to let it back into the system. This latter, unscrupulous way of obtaining payment is carried out through ransomware, which is in some respects a form of DoS attack.

How does ransomware work?

Ransomware is a type of malicious software, or malware, that encrypts a computer’s system data with a key that only the attacker has. The malware is normally embedded in an unsecured email attachment, software, or website. A user who attempts to open one of these infected items triggers the malware, which either locks the computer screen or encrypts system files. A full-screen window appears stating that the user’s computer has been blocked, the amount of money or Bitcoins needed to unlock the system, and a countdown timer indicating the time remaining before the data held hostage is destroyed or the ransom is increased. Ransom attackers usually demand that payment be made via Western Union or a specialized text message. Some attackers demand payment in the form of gift cards, such as an Amazon or iTunes gift card. Ransom demands can range from a few hundred euros to more than 50,000 euros. Once payment is made, hackers decrypt the files and release the system.

Attackers can infect multiple computers at once using botnets. A botnet is a network of devices compromised by cybercriminals without the knowledge of their owners. Hackers infect computers with malware that gives them control of the systems, then use these compromised devices to send millions of infected attachments to other devices and systems. By holding multiple systems hostage and expecting the ransoms to be paid, the perpetrators are counting on a huge cash flow.

Examples of ransomware use

A company taken hostage by ransomware may have its proprietary information destroyed, its activities disrupted and its reputation tarnished, and may suffer financial losses. In 2016, Hollywood Presbyterian Medical Center paid approximately $17,000 in bitcoin to ransomware attackers who had taken the hospital’s patient data hostage. During the crisis, some patients had to be transferred to other hospitals for treatment and the medical records system remained inaccessible for ten days, disrupting the hospital’s daily operations.