ShopTalk

A Q&A about the malicious software known as ransomware

AP

Ransomware is a growing threat to computer users, who can suddenly find they're unable to open or use their files when their machines are infected. The malicious software can attack any user — an individual, small business, Fortune 500 company or a government agency.

Some questions and answers about ransomware:

Q. What is ransomware?

A. It's a type of software used by hackers to extort money from computer and smartphone users. A program called CryptoLocker appeared several years ago and made files like word processing documents and photos inaccessible to computer users unless they paid a ransom, usually $500 to $700. Law enforcement agencies shut CryptoLocker down in 2014, but there is a new generation, with versions called Cryptoware and Cryptowall.

Q. How does it work?

A. Ransomware infiltrates a computer after a user clicks on a link or attachment in an email. It can also attack when a user visits a website, including well-known ones with good security systems, according to technology consultant Greg Miller of CMIT Solutions of Goshen, New York. Once inside the computer, it encrypts or locks up files, making them impossible to use. It can also lock up a network of computers if it infects a server, a computer that links PCs.

Q. How does a user pay a ransom?

A. Bitcoins, an online currency that is hard to trace, are becoming the preferred way hackers collect ransoms, according to FBI Special Agent Thomas Grasso, who is part of the government's efforts to fight malicious software including ransomware.

Q. How many attacks have there been? And how many users pay a ransom?

A. During 2013, the number of attacks each month rose from 100,000 in January to 600,000 in December, according to a report last year by Symantec, the maker of antivirus software.

The majority of ransomware attacks go unreported because people or businesses are embarrassed about having been hacked or paid a ransom, Grasso says.

Q. How is an infected computer repaired?

A. If a ransom is paid, the hackers generally send users a computer code that unlocks the files one by one. Depending on how many files are infected, the process can take weeks.

If there is a backup, the machine must be stripped of all files and software and reset to what's called factory condition. That process will also remove the ransomware. New files and software are then installed from the backup.
