Ransomware is a quickly developing form of malware, in which the attacker gains access to a user's data, typically through a phishing scam or some other method of having an authorized user deploy the malware within the network. Then, the malware encrypts the user's data using strong encryption. Once the data has been encrypted, the attacker contacts the user and extorts money from the user in order to decrypt the user's data. In short, the attacker demands money in exchange for the decryption key for the strong encryption that was used to encrypt the user's data. This type of attack affects many thousands of users and corporations per year. Moreover, and more troubling, the prevalence of ransomware attacks is rising rapidly due to its simple concept and deployment.
There have been many instances of ransomware attacks in the near past. For example, the Board of Water and Light in Lansing, Mich., was recently attacked by ransomware. The Board of Water and Light first noticed the attack on Apr. 25, 2016, but was not able to fully recover from the attack for over a week, costing money and time.
Ransomware attacks work because conventional file systems utilize access control based on user accounts and authority that is associated with a user's account. When a ransomware application gains access to the user account (which happens when the ransomware is harmful), then it is able to access the entire user space. More troubling, when ransomware gains access to an administrator's (root) account, it is able to access the entire file system.