How Ransomware Works: QuickTake Q&A

An increasingly popular and disruptive form of cybercrime is ransomware, which makes files and data stored on computers inaccessible unless a fee is paid. Once a niche area for hackers, the attacks are now affecting government agencies and some of the world’s biggest corporations. Companies hit in 2017 included A.P. Moller-Maersk, FedEx Corp., Nissan Motor Co., Russia’s largest oil producer Rosneft and advertising giant WPP Plc. The U.K. National Health Service and a number of Ukrainian agencies were also harmed. With sophisticated ransomware software available online for hackers to use and the rise of anonymous digital currencies such as bitcoin, there are fears the attacks will only continue.

It’s a form of malicious software, “malware” for short, that essentially holds a device hostage until a fee is paid to restore it to normal. In the case of the WannaCry worm in May, the ransom was $300 in bitcoin, payable within 72 hours. In June, a South Korean web hosting company agreed to pay more than $1 million to unlock its servers, the largest known payout. The virus spreads from machine to machine on a network, often via email attachments from rogue senders. The targets are usually older computer operating systems that have not been properly maintained with up-to-date security software.