Ransomware is a hot topic in the healthcare industry but do you really know what ransomware is?

Ransomware is a type of malware that infects a computer and restricts access to data until a ransom is paid to unlock it. Ransomware is not a new threat but recently it’s been used in more sophisticated and highly targeted attacks. The purpose of ransomware is to extort money from users and organizations.

Older versions of ransomware denied or blocked access to the computer or its files and then an on-screen alert provided the users with instructions on how to provide payment in order to regain access to the blocked files. Newer versions of ransomware encrypt user files with strong encryption methods such as RSA, AES, etc. An on-screen alert provides users instructions on how to provide payment, most often in bitcoin, to regain access to the encrypted files.

The most common types of ransomware are Crysis, CryptoLocker, CryptoWall, CTB-Locker, Locky, SamSam.exe, TorrentLocker, Teslacrypt, and RAA. Below are further details about the three most common ransomware types:

Trojan.Randsom.C is a locking ransomware that blocks user’s access to their computer. A fee to unblock the computer must be paid via phone.

Reventon is another locking ransomware. It claims to be a legitimate, geographically relevant law enforcement agency authority and blocks users from accessing their computer. A “fine” is demanded in order for the use to regain access to their computer.

RAA is a type of ransomware that is written entirely in JavaScript. It is typically delivered via phishing emails that contain a .text.js attachment. On most Windows workstations, the attachment appears to be a “filename.txt” document (the .js is typically hidden) and once the file is opened, the ransomware begins encrypting files and then displays a message demanding ransom.