What is ransomware?

Cybercrime is a threat that impacts people throughout the world and right here in New Jersey too. Cybercrimes include a variety of scams, identity theft, exploitation of children and attacks on computer systems. For victims, including businesses, the effects are frustrating and costly. Ransomware attacks are one type of internet crime that affects businesses large and small, as well as government and law enforcement agencies.

According to the FBI, ransomware is a type of malware used by hackers to extort money from victims by locking down sensitive digital files and requiring a ransom for their release. This type of attack can be devastating due to loss of proprietary information and disruption of regular business practices. Files may also contain sensitive personal information that cause customers to discontinue doing business with a company that has been hacked. It can happen on home computers too, where the loss may be either financial or personal by attacking videos, photos or other data.

A typical attack involves getting the computer user to click on a link that may appear to be a legitimate link, e-fax or invoice that instead launches the ransomware code. This code then attaches to files on local drives, as well as any attached drives. Once the initial computer is infected, the malware can spread to other networked computers as well. Users typically see messages that demand payment before sending an encryption key—if they bother to send it at all.

With public campaigns to increase awareness and email systems evolve to detect and deter spam, the attackers have only become more sophisticated, targeting individual users. Recent developments have allowed criminals to place malware on legitimate business websites that take advantage of visitors in that way.

The FBI recommends not paying ransoms because there is no guarantee you will receive a “fix” from the criminals and instead, it may encourage increased activity. The agency suggests businesses spend great effort in prevention measures that include educating employees in best practices to avoid such attacks as well as investing in a business continuity plan for backup.

This article contains general information and is not intended to be legal advice.

Tell us about your criminal case