In general, ransomware is a type of malware (i.e., malicious software) that is designed to take control of an electronic communication device, prevent its owner from accessing the electronic communication device, notify its owner that the electronic communication device has been held ransom, demand payment from the owner, and return access to electronic communication device after payment. There have been many instances of ransomware attacks when the hackers have taken control of a company’s servers and prevented its employees from accessing the network and database servers. The hackers would notify the employees by email and demand payment of funds in order to return access to their computers. Now, in some instances, a payment was necessary, but in some exceptional cases the company owners can have an advantage over the hackers and not be required to transfer the funds.
There are several types of ransomware. First, there are applications that fall under the category of scareware and intended to create fear for the recipients and force them to purchase unnecessary software. Second, there is prankware which is intended to cause fear by sending unanticipated pictures, sounds, or videos. For example, NightMare was a type of prankware that would remain dormant on the recipient’s computer and launch itself by changing the computer screen to a skull and playing a loud noise. Third, there is a group of crypto-ransomware named as GPCode or PGPCoder that claims to use PGP encryption to prevent file access. So, in other words, it’s a virus that encrypts files on the infected computer and demands a ransom to release access to the encrypted files. The hackers have been able to become more effective with their tools. The new generation of this type of ransomware denies user access to files by writing encrypted files to a new location and deleting the original file. However, this strategy was ineffective since a file restoration would allow the victim to recover the files. Fourth, CryptoLocker became the new generation of ransomware. It shares similar distribution models of previous ransomware variants and relied on phishing attacks with portable executable attachments. It would install itself on the user’s profile folder and add a registry key to run on startup to maintain persistence. Then, it would start to communicate with the command and control server to generate an RSA-2048 key pair and send the public key to the victim host.
What are the relevant laws?