File encrypting malware (also known as ransomware, “crypters”, or cryptoviral extortion) is a class of malware which restricts a user's access to files on their system by encrypting the files. Generally, such malware will demand that the user pays to have their files decrypted. Recovery from file encrypting malware is difficult, as decrypting the files requires obtaining the decryption key for the encryption. In some cases, this may be recovered from the file encrypting malware itself. However, newer file encrypting malware programs often use asymmetrical encryption, or a random encryption key which is sent to a remote server after encryption and is not stored locally, making recovery of the key impossible. The encryption algorithms are generally strong enough to prevent decryption without obtaining the key.
File encrypting malware is a particular problem for business users, as the malware may encrypt files both on the local machine, and on any accessible network drives, causing costly disruptions. Current methods of detecting file encrypting malware are substantially the same as those for detecting other malware, e.g. using known signatures, or heuristic analysis of malware-containing files.