What is Ransomware?
Ransomware is a type of malicious software that blocks access to data and demands that the data's owner pay a sum of money to get it back. Some ransomware also threatens to publish the data unless it is paid.
Simple ransomware usually locks the system in a way that is not difficult for a knowledgeable person to reverse. More advanced malware uses a technique called cryptoviral extortion: it encrypts the victim's files and documents, making them inaccessible, and then asks the victim to pay a sum of money to decrypt them.
Ransomware may also encrypt the computer's MFT (Master File Table) or even entire hard drives. Ransomware is therefore a denial-of-access attack: it prevents users from accessing their files, because decrypting them without the decryption key is intractable.
Ransomware attacks are typically carried out using a Trojan whose payload is disguised as a legitimate file.
Ransomware infections were first seen in Russia between 2005 and 2006. Trend Micro published a report on a case in 2006 that involved a ransomware variant detected as TROJ_CRYZIP.A. This variant zipped certain file types before overwriting the original files, leaving only the password-protected zip files on the user's system. It also created a text file that acted as the ransom note, informing users that the files could be retrieved in exchange for $300.
In its earlier years, ransomware typically encrypted particular file types such as DOC, XLS, JPG, ZIP, and PDF, along with other commonly used file extensions.
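The pattern described above for TROJ_CRYZIP.A (password-protected zip files and a text note left where the original documents used to be) can be turned into a simple triage check. The following is an added example, not code from the original article or from Trend Micro; the function names, the extension list, and the sample directory tree are assumptions built for illustration, and the sample archive only has its encryption flag set.

```python
import io, os, tempfile, zipfile

TARGET_EXTS = {".doc", ".xls", ".jpg", ".pdf"}  # file types named in the article

def is_fully_encrypted_zip(path):
    """True if every file entry in the ZIP has the encryption flag (bit 0) set."""
    try:
        with zipfile.ZipFile(path) as zf:
            infos = [i for i in zf.infolist() if not i.is_dir()]
            return bool(infos) and all(i.flag_bits & 0x1 for i in infos)
    except (zipfile.BadZipFile, OSError):
        return False

def triage(root):
    """Directories holding encrypted ZIP(s) plus a .txt file and no original documents."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        exts = {os.path.splitext(f)[1].lower() for f in files}
        zips = sorted(f for f in files if is_fully_encrypted_zip(os.path.join(dirpath, f)))
        if zips and ".txt" in exts and not (exts & TARGET_EXTS):
            hits.append((dirpath, zips))
    return sorted(hits)

def constructed_zip(path, names, encrypted):
    """Constructed sample: only the flag is set, the contents are not really encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"sample")
    data = bytearray(buf.getvalue())
    pos = data.find(b"PK\x01\x02")  # central-directory header signature
    while encrypted and pos != -1:
        data[pos + 8] |= 0x01  # general-purpose flag word, bit 0
        pos = data.find(b"PK\x01\x02", pos + 4)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Build a constructed tree with one matching and one benign directory, then scan it."""
    with tempfile.TemporaryDirectory() as root:
        for sub in ("hit", "clean"):
            os.mkdir(os.path.join(root, sub))
        constructed_zip(os.path.join(root, "hit", "docs.zip"), ["a.doc", "b.xls"], True)
        constructed_zip(os.path.join(root, "clean", "backup.zip"), ["a.doc"], False)
        for rel in ("hit/note.txt", "clean/a.doc", "clean/notes.txt"):
            open(os.path.join(root, rel), "w").close()
        return [(os.path.relpath(d, root), z) for d, z in triage(root)]

if __name__ == "__main__":
    print(demo())
```

A match is only a lead for an analyst: legitimately password-protected archives stored next to a text file produce the same pattern, so check file timestamps and the note's contents before escalating.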