Ransomware (also known as encryption Trojans or blackmail Trojans) is a specific family of malware that encrypts data on the victim's computer and on network shares, thereby making the data unusable for the victim. The ransomware subsequently displays a "locked screen" to the victim, demanding that the victim pay a specific sum in bitcoins (internet currency) to the attackers so that the data can be decrypted. The ransomware scene is continually expanding, and the current versions are potentially much more damaging than the initial versions, which just blocked the screen without damaging data. The entry points for encryption Trojans such as these are contaminated e-mails and hacked websites.
Effects and risks
- Rendering data unusable on the computer
- Financial loss in the event of payment of the ransom
In 2015, the Reporting and Analysis Centre for Information Assurance MELANI observed various waves of ransomware attacks and issued warnings. Among these was the encryption malware TeslaCrypt, which is currently still active. This malware, which encrypts data and subsequently demands ransom money, has been spreading rapidly in Switzerland since December. The new variant is spread mainly via infected e-mail attachments (a ".zip" attachment which contains a ".js" file). Once it is installed, TeslaCrypt encrypts files on the computer (e.g. photos and Excel or Word files). The victim subsequently receives a message containing a demand for money from the criminals. In return for the money, the victim should receive the decryption key for recovering the files. Various antivirus products can counter this malware. However, it is too late in most cases because the files on the computer have already been encrypted. In this case, the problem is thus not removing the malware, but recovering the original data.