Ransomware is a quickly developing form of malware in which the attacker gains access to a user's data, typically through a phishing scam or some other method of having an authorized user deploy the malware within the network. The malware then encrypts the user's data using strong encryption. Once the data has been encrypted, the attacker contacts the user and extorts money from the user in exchange for decrypting the data. In short, the attacker demands money in exchange for the decryption key for the strong encryption that was used to encrypt the user's data. This type of attack affects many thousands of users and corporations per year. More troubling, the prevalence of ransomware attacks is rising rapidly because the attack is simple in concept and deployment.
There have been many instances of ransomware attacks in the recent past. For example, the Board of Water and Light in Lansing, Mich., was recently attacked by ransomware. The Board of Water and Light first noticed the attack on Apr. 25, 2016, but was not able to fully recover from it for over a week, which cost money and time.
Once a user's data is encrypted, it is entirely inaccessible, and the only ways to regain access to it are to pay for the decryption key, which is undesirable and promotes ransomware attacks; to decode the encryption, which is unrealistic and overly time-consuming for most victims of ransomware attacks; or to retrieve the most recent copy of the user's data from a backup file. However, many users and organizations do not maintain backups diligently or keep them current enough to help in a ransomware attack. The user and/or organization will usually be completely unaware that the encryption process of a ransomware attack is running until it is too late to stop the process and save the user's data.